HIGH SeverityCVSS 3.17.1CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

CVE-2026-46446

Last updated May 14, 2026 · Published May 14, 2026

Description

SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.

Affected products

1 listed

Alinto:SOGo

Mappings

CWE

CWE-89

CAPEC

None listed.

Research

SQL InjectionCovers how unsafe query construction enables data theft and database compromise. Provides parameterization and…

Guides

SQL Injection Prevention with PrismaSafe patterns for raw queries and dynamic filters.

Training

Injection TodaySQL, NoSQL, ORM, and LLM injection - what's changed and what hasn't.
Data Protection and EncryptionEncryption at rest, in transit, and the practical choices developers actually make.

CVE-2026-46446

Description

Affected products

Mappings

Related