CVE-2026-46445: High-Severity SQL Injection Impacts SOGo with PostgreSQL

The National Vulnerability Database has disclosed CVE-2026-46445, a high-severity SQL injection vulnerability affecting SOGo before version 5.12.7, specifically when configured with a PostgreSQL backend. This flaw, categorized under CWE-89, carries a CVSSv3.1 score of 7.1 (High), indicating a significant risk profile. Attackers could leverage this vulnerability to execute arbitrary SQL commands, potentially leading to data exfiltration, modification, or even complete system compromise.

The attacker’s calculus here is straightforward: SOGo is often deployed in critical enterprise environments for calendaring and groupware. A successful SQL injection grants deep access to sensitive information within the database, which can be highly valuable for reconnaissance, lateral movement, or direct data theft. The AC:H (High Attack Complexity) suggests that exploiting this isn’t trivial, but it’s far from impossible for a determined adversary with some technical skill and understanding of SOGo’s architecture.

Defenders must prioritize patching: SOGo version 5.12.7 addresses this vulnerability, and organizations running earlier SOGo versions with a PostgreSQL database are exposed. This isn’t just about data loss; it’s about maintaining the integrity and availability of critical communication infrastructure. Failure to patch leaves an injection path into the database open in a system often considered internal and trusted.

What This Means For You

  • If your organization uses SOGo with a PostgreSQL backend, you are directly exposed to CVE-2026-46445. Immediately verify your SOGo version and upgrade to 5.12.7 or later to mitigate this high-severity SQL injection vulnerability. Audit your SOGo logs for any suspicious database activity or unauthorized access attempts.

🛡️ Detection Rules

CVE-2026-46445: SOGo PostgreSQL SQL Injection Attempt

Severity: critical · ATT&CK: T1190, Initial Access

Sigma YAML:
title: "CVE-2026-46445: SOGo PostgreSQL SQL Injection Attempt"
id: scw-2026-05-14-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-46445 by looking for common SQL injection patterns within the query string of web requests targeting SOGo when using PostgreSQL. This is a critical detection for initial access via this vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-14
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-46445/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  # Field-to-value map: matches if the query string contains any listed substring
  selection:
    cs-uri-query|contains:
      - "' OR 1=1 --"
      - "' UNION SELECT"
      - "' OR 'a'='a"
  # condition is a key of detection, not of selection
  condition: selection
falsepositives:
  - Legitimate administrative activity
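
Query strings usually reach web server logs percent-encoded, so the literal substrings in the rule above may not match as written. The following added example (not part of the original rule or of SOGo) applies the same three patterns to constructed access-log lines with and without decoding; the path, parameter name and addresses are placeholders, since the page does not name the affected endpoint.

```python
import re
from urllib.parse import unquote_plus

# The three substrings from the rule's cs-uri-query|contains list.
RULE_PATTERNS = ["' OR 1=1 --", "' UNION SELECT", "' OR 'a'='a"]

# Common/combined log format: client ident user [time] "METHOD target PROTO"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+) [^"]*"')

# Constructed sample lines. Path and parameter name are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2026:08:00:01 +0000] "GET /SOGo/example?q=team+meeting HTTP/1.1" 200 512',
    '198.51.100.7 - - [14/May/2026:08:00:05 +0000] "GET /SOGo/example?q=x%27%20OR%201%3D1%20-- HTTP/1.1" 500 0',
    '198.51.100.7 - - [14/May/2026:08:00:09 +0000] "GET /SOGo/example?q=x%27+union++select+1 HTTP/1.1" 500 0',
    '192.0.2.44 - - [14/May/2026:08:01:00 +0000] "GET /SOGo/example HTTP/1.1" 200 128',
]

def normalize(query):
    """Percent-decode once ('+' becomes a space) and collapse whitespace runs."""
    return re.sub(r"\s+", " ", unquote_plus(query))

def matched_patterns(query, decode=True):
    """Return the rule patterns found in a query string.
    Matching is case-insensitive, like Sigma's 'contains' modifier."""
    haystack = (normalize(query) if decode else query).lower()
    return [p for p in RULE_PATTERNS if p.lower() in haystack]

def scan(lines, decode=True):
    """Return (client, path, patterns) for each log line whose query matches."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log request line
        client, target = m.groups()
        path, _, query = target.partition("?")
        hits = matched_patterns(query, decode)
        if hits:
            findings.append((client, path, hits))
    return findings

if __name__ == "__main__":
    print("raw match:    ", scan(SAMPLE_LOG, decode=False))
    for client, path, hits in scan(SAMPLE_LOG):
        print("decoded match:", client, path, hits)
```

Whether decoding is needed depends on how the log source records the query string, so check a known encoded request against the SIEM field before relying on the literal patterns.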


Indicators of Compromise

ID              Type  Indicator
CVE-2026-46445  SQLi  SOGo before 5.12.7
CVE-2026-46445  SQLi  SOGo when PostgreSQL is used

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 14, 2026 at 07:17 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
