Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in SOGo.
Software Description:
- sogo: Open Source Webmail for businesses and communities
Details:
It was discovered that SOGo did not properly sanitize categories used
for events, tasks, and contacts. A remote authenticated attacker could
possibly use this issue to perform cross-site scripting attacks. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04
LTS, and Ubuntu 26.04 LTS. (CVE-2025-71276)
It was discovered that SOGo did not properly sanitize the hint query
parameter. A remote attacker could possibly use this issue to perform
cross-site scripting attacks. This issue only affected Ubuntu 26.04
LTS. (CVE-2026-3054)
It was discovered that SOGo did not renew the one-time password when a
user disabled and re-enabled it, and used a shorter length than
recommended. A remote attacker could possibly use this issue to bypass
authentication. This issue only affected Ubuntu 22.04 LTS and Ubuntu
26.04 LTS. (CVE-2026-33550)
I...
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
sogo 5.12.4-1.2ubuntu0.1~esm1
Available with Ubuntu Pro
sogo-activesync 5.12.4-1.2ubuntu0.1~esm1
Available with Ubuntu Pro
sogo-common 5.12.4-1.2ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
sogo 5.5.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
sogo-activesync 5.5.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
sogo-common 5.5.1-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 20.04 LTS
sogo 4.3.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
sogo-common 4.3.0-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
sogo 3.2.10-1ubuntu0.1~esm1
Available with Ubuntu Pro
sogo-common 3.2.10-1ubuntu0.1~esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
sogo 2.2.17a-1.1ubuntu0.1~esm1
Available with Ubuntu Pro
sogo-common 2.2.17a-1.1ubuntu0.1~esm1
Available with Ubuntu Pro
After a standard system update you need to restart SOGo to make
all the necessary changes.https://ubuntu.com/security/notices/USN-8504-1
CVE-2021-33054, CVE-2024-34462, CVE-2025-63498, CVE-2025-63499,
CVE-2025-71276, CVE-2026-3054, CVE-2026-33550, CVE-2026-46445,
CVE-2026-46446, CVE-2026-8496, CVE-2026-8851
Get the latest Linux and open source security news straight to your inbox.