CVE-2026-39178
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
08/07/2026
Last modified:
09/07/2026
Description
A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the search parameter of the allContactSearch endpoint.
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM



