CVE-2026-39179
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
08/07/2026
Last modified:
09/07/2026
Description
A SQL injection vulnerability in SOGo before 5.12.7 allows authenticated users to execute arbitrary SQL statements via the newPassword parameter in the password change functionality.
Impact
Base Score 3.x
6.30
Severity 3.x
MEDIUM



