2 matches found
CVE-2026-0394
When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...
PT-2026-28308
Name of the Vulnerable Software and Affected Versions Dovecot affected versions not specified Description Dovecot is susceptible to a path traversal issue when configured to use per-domain passwd files. If these files are located one path component above /etc, or if a slash character is included ...