Lucene search
K

CVE-2026-8851 SOGo < 5.12.8 SQL Injection via addUserInAcls endpoint

🗓️ 18 May 2026 20:10:10Reported by VulnCheckType 
cvelist
 cvelist
🔗 www.cve.org👁 37 Views

SQL injection in SOGo addUserInAcls endpoint enables authenticated data exfiltration via uid into sogo_acl and acls API.

Related
Affected
Refs
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-8851
18 May 202620:10
attackerkb
Circl
CVE-2026-8851
23 May 202617:30
circl
CNNVD
SOGo SQL注入漏洞
18 May 202600:00
cnnvd
CVE
CVE-2026-8851
18 May 202620:10
cve
Debian
[SECURITY] [DLA 4657-1] sogo security update
29 Jun 202618:30
debian
Debian
[SECURITY] [DSA 6366-1] sogo security update
25 Jun 202618:21
debian
Debian CVE
CVE-2026-8851
18 May 202620:10
debiancve
Tenable Nessus
Debian dla-4657 : sogo - security update
29 Jun 202600:00
nessus
Tenable Nessus
Debian dsa-6366 : sogo - security update
26 Jun 202600:00
nessus
Tenable Nessus
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 26.04 LTS : SOGo vulnerabilities (USN-8504-1)
7 Jul 202600:00
nessus
Rows per page
[
  {
    "vendor": "Alinto",
    "product": "SOGo Webmail",
    "versions": [
      {
        "status": "unaffected",
        "version": "5.12.8",
        "versionType": "git"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThanOrEqual": "5.12.7",
        "versionType": "git"
      }
    ],
    "defaultStatus": "affected"
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

19 May 2026 13:37Current
CVSS 3.18.1
CVSS 48.6
EPSS0.00316
37