CVE-2026-33550

Low CVSS: 2.0

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).

Vendor

Product

CWE

Yayın Tarihi

2026-03-22 03:16:01

Güncelleme

2026-03-23 19:57:28

Source Identifier

cve@mitre.org

KEV Date Added

CWE-308 Sogo LOW Alinto 2026

https://github.com/Alinto/sogo/commit/83d4c522f87cfde0ba543837d9b24c3479083ec2 https://github.com/Alinto/sogo/releases/tag/SOGo-5.12.5

Medium

CVE-2025-71276

SOGo before 5.12.5 is prone to a XSS vulnerability with events, tasks, and contacts categories.

Medium

CVE-2026-3054

A vulnerability was identified in Alinto SOGo 5.12.3/5.12.4. This impacts an unknown function. The manipulation of the a…

Medium

CVE-2025-63499

Alinto Sogo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the theme parameter.

Medium

CVE-2025-63498

alinto SOGo 5.12.3 is vulnerable to Cross Site Scripting (XSS) via the "userName" parameter.