Critical SOGo Vulnerabilities Affecting Multiple Ubuntu Versions

Critical SOGo Vulnerabilities Affecting Multiple Ubuntu Versions

First seen 6 Jul 2026, 23:49 UTC UbuntuLinuxsecurity 93% similarity 70.5

Article Content

Browse articles
ThreatCluster

Recent vulnerabilities in SOGo have been identified, impacting Ubuntu 18.04 LTS, 20.04 LTS, 22.04 LTS, and 26.04 LTS. The issues include improper sanitization of input leading to potential cross-site scripting (CVE-2025-71276, CVE-2026-3054) and SQL injection vulnerabilities (CVE-2026-46445, CVE-2026-46446). Additionally, a flaw allows remote attackers to bypass authentication due to issues with one-time password management (CVE-2026-33550). These vulnerabilities could allow attackers to execute arbitrary code or gain unauthorized access. Users are advised to update their systems to the latest package versions to mitigate these risks. The vulnerabilities were disclosed in a security notice by Ubuntu on July 5, 2026.

Key Points: • SOGo vulnerabilities affect multiple Ubuntu LTS versions, including 18.04 and 26.04. • Critical issues include cross-site scripting and SQL injection vulnerabilities. • Immediate updates are necessary to mitigate risks associated with these vulnerabilities.

ThreatCluster AI

Timeline

2021-06-04
CVE-2021-33054 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2024-05-04
CVE-2024-34462 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2025-11-20
Public exploit for CVE-2025-63499 released
A proof-of-concept exploit appeared on GitHub, lowering the barrier for opportunistic attackers.
GitHub
2025-11-24
CVE-2025-63498 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-02-24
CVE-2026-3054 published
A vulnerability in SOGo allowing cross-site scripting attacks was disclosed.
Ubuntu
2026-03-22
CVE-2025-71276 and CVE-2026-33550 published
Vulnerabilities in SOGo related to improper input sanitization and one-time password management were disclosed.
Ubuntu
2026-05-13
CVE-2026-8496 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-05-14
CVE-2026-46445 and CVE-2026-46446 published
SQL injection vulnerabilities in SOGo were disclosed, affecting sensitive data access.
Ubuntu
2026-05-18
CVE-2026-8851 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-05
Ubuntu security notice USN-8504-1 published
Ubuntu released a security notice detailing multiple vulnerabilities in SOGo and recommended updates.
Ubuntu

Community

Browse all →