What is the CVSS score of CVE-2026-40016?

CVE-2026-40016 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-40016?

Yes, a patch is available for CVE-2026-40016. Update the affected software to the latest version immediately.

OX Dovecot Pro CVE-2026-40016

EUVD-2026-29470 MEDIUM

Uncontrolled Resource Consumption (CWE-400)

2026-05-12 OX

GHSA-m97m-74mq-mqc6

Denial Of Service Red Hat Suse

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

May 12, 2026 - 14:16 vuln.today

CVE Published

May 12, 2026 - 13:28 nvd

MEDIUM 5.3

DescriptionNVD

Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed version, or alternatively prevent direct access to Sieve scripts via ManageSieve or local access. No publicly available exploits are known.

AnalysisAI

OX Dovecot Pro allows authenticated users to upload malicious Sieve scripts via ManageSieve protocol or local access that bypass configured CPU time limits by up to 130 times, enabling denial of service through server performance degradation. The vulnerability requires low-privilege authenticated access and medium attack complexity, affecting availability without compromising confidentiality or integrity. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory