Description

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).

INFO

Published Date :

2026-03-22T02:16:56.263Z

Last Modified :

2026-03-23T15:53:19.737Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-33550 vulnerability.

Vendors Products
Alinto
  • Sogo
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33550.

URL Resource
https://github.com/Alinto/sogo/commit/83d4c522f87cfde0ba543837d9b24c3479083ec2 cve-icon cve-icon
https://github.com/Alinto/sogo/releases/tag/SOGo-5.12.5 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact