Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0692

NIXPKGS-2026-0692

GitHub issue published on 23 Mar 2026

Permalink CVE-2026-33550

2.0 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

updated 1 day, 3 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 12 hours ago
@LeSuisse accepted 1 day, 4 hours ago
@LeSuisse published on GitHub 1 day, 3 hours ago

SOGo before 5.12.5 does not renew the OTP if a …

SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).

References

Affected products

SOGo

<5.12.5

Matching in nixpkgs

pkgs.sogo

Very fast and scalable modern collaboration suite (groupware)

nixos-unstable 5.12.4
- nixpkgs-unstable 5.12.4
- nixos-unstable-small 5.12.4
nixos-25.11 5.12.4
- nixos-25.11-small 5.12.4
- nixpkgs-25.11-darwin 5.12.4

Package maintainers

@jceb Jan Christoph Ebersbach <jceb@e-jc.de>

Upstream patch: https://github.com/Alinto/sogo/commit/83d4c522f87cfde0ba543837d9b24c3479083ec2