Excessive RFC 2231 MIME Parameters Cause Performance Issues in Dovecot Mail Server
CVE-2026-27859

5.3MEDIUM

Key Information:

Vendor: Open-xchange Gmbh
Status: Ox Dovecot Pro
Vendor: CVE Published:; 27 March 2026

🔔 Create Open-xchange Gmbh Vulnerability Alert

What is CVE-2026-27859?

A vulnerability exists in the Dovecot Mail Server where a crafted mail message with an excessive number of RFC 2231 MIME parameters can lead to high CPU usage during the mail delivery process. This can significantly impair server performance and affect mail delivery efficiency. Administrators are advised to employ MTA capabilities to restrict the number of RFC 2231 MIME parameters in incoming mail messages or to upgrade to a newer version of Dovecot where this processing limitation is enforced. Currently, there are no known public exploits for this issue.

Affected Version(s)

OX Dovecot Pro 0 <= 3.0.2

OX Dovecot Pro 0 <= 3.1.0

OX Dovecot Pro 0 <= 2.4.0

References

https://documentation.open-xchange.com/dovecot/security/a...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2026
Vulnerability Reserved
Feb 24, 2026

CVE-2026-27859 Data

JSON