Red Hat Product Errata RHSA-2026:13498 - Security Advisory Issued: 2026-05-04 Updated: 2026-05-04 RHSA-2026:13498 - Security Advisory Overview Updated Packages Synopsis Important: dovecot security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for dovecot is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix(es): dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command (CVE-2025-59032) dovecot: denial of service via crafted message before authentication (CVE-2026-27858) dovecot: denial of service via specially crafted NOOP command (CVE-2026-27857) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Fixes BZ - 2452172 - CVE-2025-59032 dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command BZ - 2452175 - CVE-2026-27858 dovecot: denial of service via crafted message before authentication BZ - 2452179 - CVE-2026-27857 dovecot: denial of service via specially crafted NOOP command CVEs CVE-2025-59032 CVE-2026-27857 CVE-2026-27858 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM dovecot-2.3.21-16.el10_1.1.src.rpm SHA-256: c453c052f08d8efe3e0b791032311805d371060a01a313c40ce4d2b700ac0585 x86_64 dovecot-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: b97baff63e3291d4deb66612293e82b867939b8b10a3abcd26d0b64039e6ef48 dovecot-debuginfo-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: f836ed77f4f74cb47b9f62d3f6078dd679823bf6f657b08b36a48dd4eace87af dovecot-debugsource-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: 0baba64ee5d4119e8c89fb9500cf6a777201b5be4f3465150297c4eb1f0733f1 dovecot-mysql-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: 9a9761fed59efa3f1bf7ef5c081c221b29b45ebe7ab017bc995ed77d4fe8b45e dovecot-mysql-debuginfo-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: 49c69b343a82ae70f587607082983ef0927ccad308255c05bcbf7393f0a31e27 dovecot-pgsql-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: 585a5cd3e682b836c996215bcb731c3ffe4d6ee816b8ea2372a43263e5b3bf66 dovecot-pgsql-debuginfo-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: f0fb05daa54c6caa9cf70bbf724735c311380a62822ed1414cc98915db65cc3f dovecot-pigeonhole-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: 18947732d86bad2d3bd44201e38bacaba83112908338d8ff527699f29bd3f237 dovecot-pigeonhole-debuginfo-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: 7416af1b44e7315676c29474985648690e43d1833c4c0fdbe82cdb7299454c3d Red Hat Enterprise Linux for IBM z Systems 10 SRPM dovecot-2.3.21-16.el10_1.1.src.rpm SHA-256: c453c052f08d8efe3e0b791032311805d371060a01a313c40ce4d2b700ac0585 s390x dovecot-2.3.21-16.el10_1.1.s390x.rpm SHA-256: 65665e329e96695baf0b843b5dea551812ec3ffd2f074051e9aac5a8a31d090d dovecot-debuginfo-2.3.21-16.el10_1.1.s390x.rpm SHA-256: 6c5db4bedcf3d582a931ca06ba83de02dc5f2898d436c6d9026e9c1593672c22 dovecot-debugsource-2.3.21-16.el10_1.1.s390x.rpm SHA-256: 2e518b764763b97c281b149f224d54d147e4603433282e69895655724d9c3223 dovecot-mysql-2.3.21-16.el10_1.1.s390x.rpm SHA-256: cd033fbd49ddbf93beb6354b984358fc60349572b6fb478e9caae11368ddf36c dovecot-mysql-debuginfo-2.3.21-16.el10_1.1.s390x.rpm SHA-256: 27538912b40e4784592ea037d4d60717c84d6801d30396bb77b844360c79f6a3 dovecot-pgsql-2.3.21-16.el10_1.1.s390x.rpm SHA-256: 062ae98fdced854a80aa73d54f2598b6e59611521c232847cbffd5a18d308d1a dovecot-pgsql-debuginfo-2.3.21-16.el10_1.1.s390x.rpm SHA-256: 0409d724a9fe59d50e98f223bb2d70e38e040df7c2cdb3eefb3dfa9256b1adc2 dovecot-pigeonhole-2.3.21-16.el10_1.1.s390x.rpm SHA-256: 67ae482ad06b925ca4e9bb0e806132573993349cd8c90d55f9ad7d691af4ef32 dovecot-pigeonhole-debuginfo-2.3.21-16.el10_1.1.s390x.rpm SHA-256: eb0a83e98e97e9d1594598d08d966662ae9974990a95a113b253803d6277d0ba Red Hat Enterprise Linux for Power, little endian 10 SRPM dovecot-2.3.21-16.el10_1.1.src.rpm SHA-256: c453c052f08d8efe3e0b791032311805d371060a01a313c40ce4d2b700ac0585 ppc64le dovecot-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: c9fc64af6c4327a9df4926368a8bd7f92307008f128de03a55f6542c701d165e dovecot-debuginfo-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: 630c551a162688a1853d40f7e0f099f26eb8980568131befb5577bc540d5ace6 dovecot-debugsource-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: 7da834dc2ac60b290a19559e612d97f8b1eec88df2876877bbed07e4c19b65e5 dovecot-mysql-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: 8b23ddec2af2a2c2ea9e6d0349a23f61e3401886ab1ba9b1ea2b253d8ab9396b dovecot-mysql-debuginfo-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: 55d8cdace865eba418e86b07504954cf360a0dfac496c61d8338497145c3eb67 dovecot-pgsql-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: 627802229c15e90ba56b72aef3b51d9e8cd90986bd4f84646e8dbfdccd5e6dcc dovecot-pgsql-debuginfo-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: e9ca2a07ec67e9ff79da01c81c9a64f618163c5bfcc431f3af293c57e58cc5c2 dovecot-pigeonhole-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: 93be79c265800d48821b5153e86ae583a71027fe27698d3544ec47a9431e598a dovecot-pigeonhole-debuginfo-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: f7a1b93b7e610fda724ccb4e9e060f90f8e68dfce2dcc2b3f4152db822149200 Red Hat Enterprise Linux for ARM 64 10 SRPM dovecot-2.3.21-16.el10_1.1.src.rpm SHA-256: c453c052f08d8efe3e0b791032311805d371060a01a313c40ce4d2b700ac0585 aarch64 dovecot-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: 3fcf8f3a2a87620ff10413be7326bdc97e43aa1bd8866d1fb38215d061186886 dovecot-debuginfo-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: a92a2359e8ed4cf297e20e5037c9d6b48b77a012761bd5b4c5b7fce5f0e41e87 dovecot-debugsource-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: 32b3aa8eda03678fd4918a132fb0ec6cc5872d38817e3bb940cb8220344746ba dovecot-mysql-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: ba788e4f0ea7dad9286bb2042649b1c2cd5d6e186fd88936da7b4a8e937017aa dovecot-mysql-debuginfo-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: 247d6387082b731d8c0346b91f8749dd833c56715022cd3d81813289d705e1e8 dovecot-pgsql-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: d3854cd9094c0c230e01a1d90e4c4cc9bd16ac6fc144298f71ee0c2f3dbc32c9 dovecot-pgsql-debuginfo-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: 709083726b2356af3aa4191af54d70c67e1a111708f288596df97e24aaef84b6 dovecot-pigeonhole-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: 5ef01814d4b92df9930fcc43b0835f112999640b4f6a43440f40d1ca03046838 dovecot-pigeonhole-debuginfo-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: cb43e61522fb9cbfe88f07a6bc8877662b9aedf3ab01b07df87dc3f781c88766 Red Hat CodeReady Linux Builder for x86_64 10 SRPM x86_64 dovecot-debuginfo-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: f836ed77f4f74cb47b9f62d3f6078dd679823bf6f657b08b36a48dd4eace87af dovecot-debugsource-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: 0baba64ee5d4119e8c89fb9500cf6a777201b5be4f3465150297c4eb1f0733f1 dovecot-devel-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: 279c5b5b7b49243bcd9fae5fb47ea4774fee1246189ad77fff6ddc000bd5f8d0 dovecot-mysql-debuginfo-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: 49c69b343a82ae70f587607082983ef0927ccad308255c05bcbf7393f0a31e27 dovecot-pgsql-debuginfo-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: f0fb05daa54c6caa9cf70bbf724735c311380a62822ed1414cc98915db65cc3f dovecot-pigeonhole-debuginfo-2.3.21-16.el10_1.1.x86_64.rpm SHA-256: 7416af1b44e7315676c29474985648690e43d1833c4c0fdbe82cdb7299454c3d Red Hat CodeReady Linux Builder for Power, little endian 10 SRPM ppc64le dovecot-debuginfo-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: 630c551a162688a1853d40f7e0f099f26eb8980568131befb5577bc540d5ace6 dovecot-debugsource-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: 7da834dc2ac60b290a19559e612d97f8b1eec88df2876877bbed07e4c19b65e5 dovecot-devel-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: 36791804372ebfee697ac85059252172ac9f00f2b1631f4a4dfa0774783982b7 dovecot-mysql-debuginfo-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: 55d8cdace865eba418e86b07504954cf360a0dfac496c61d8338497145c3eb67 dovecot-pgsql-debuginfo-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: e9ca2a07ec67e9ff79da01c81c9a64f618163c5bfcc431f3af293c57e58cc5c2 dovecot-pigeonhole-debuginfo-2.3.21-16.el10_1.1.ppc64le.rpm SHA-256: f7a1b93b7e610fda724ccb4e9e060f90f8e68dfce2dcc2b3f4152db822149200 Red Hat CodeReady Linux Builder for ARM 64 10 SRPM aarch64 dovecot-debuginfo-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: a92a2359e8ed4cf297e20e5037c9d6b48b77a012761bd5b4c5b7fce5f0e41e87 dovecot-debugsource-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: 32b3aa8eda03678fd4918a132fb0ec6cc5872d38817e3bb940cb8220344746ba dovecot-devel-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: b519e2836b77060fe9036b6826048379d061bbc54fb5b4f0969f3f454bcb3c85 dovecot-mysql-debuginfo-2.3.21-16.el10_1.1.aarch64.rpm SHA-256: 247d6387082b731d8c0346b91f8749dd833c56715022cd3d81813289d705e1e8 dovecot-pgsql-debuginfo-2.3.21-16.el10_1.1.aarch64.rp