CVE-2026-46446
HIGH NVDCVSS Score
7.1
Severity
HIGH
Source
NVD
Published
May 14, 2026
Description
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.