CVE-2026-33550
LOW
alinto
NVD
CVSS Score
2
Severity
LOW
Published
Mar 22, 2026
Vendor
alinto
Description
SOGo before 5.12.5 does not renew the OTP if a user disables/enables it, and has a too short length (only 12 digits instead of the 20 recommended).