Skip to content

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Company

About us
Blog
Learn
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Home
Vendors
Open Xchange

open-xchange Vulnerabilities: CVEs, CISA KEV & Security Advisories

279 CVEs

open-xchange Vulnerabilities

CVE security advisories and vulnerability history for open-xchange.

279

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

136

Public exploits

With known exploit

5.8

Avg CVSS

2006–2026

Overview

open-xchange has 279 published CVE records since 2006, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 136 have a known public exploit. The average CVSS base score across scored CVEs is 5.8.

This page aggregates every publicly disclosed vulnerability (CVE) affecting open-xchange products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of open-xchange's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical1

High17

Medium68

Low6

187 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

0

None of open-xchange's CVEs are currently listed in CISA's KEV catalog.

Public exploits

136

136 of open-xchange's CVEs have a known public exploit available.

Most affected products

The open-xchange products with the most published CVEs.

open-xchange appsuite157 CVEs
OX App Suite88 CVEs
appsuite-frontend44 CVEs
OX Dovecot Pro17 CVEs
dovecot16 CVEs
open-xchange appsuite backend14 CVEs
open-xchange server13 CVEs
ox guard11 CVEs

Common weakness types

The CWE weakness categories most often found in open-xchange CVEs. Follow any weakness for its full explanation.

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')30 CVEs
CWE-400Uncontrolled Resource Consumption12 CVEs
CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')8 CVEs
CWE-918Server-Side Request Forgery (SSRF)7 CVEs
CWE-20Improper Input Validation7 CVEs
CWE-200Exposure of Sensitive Information to an Unauthorized Actor3 CVEs
CWE-284Improper Access Control2 CVEs
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')2 CVEs

CNAs that assign these CVEs

The CVE Numbering Authorities that publish open-xchange CVE records.

mitre207 CVEs
OX66 CVEs
redhat5 CVEs
mozilla1 CVEs

Disclosure activity by year

How many open-xchange CVEs were published each year.

2018

16

2019

34

2020

21

2021

37

2022

23

2023

47

2024

18

2026

16

Latest open-xchange CVEs

The most recently disclosed vulnerabilities affecting open-xchange.

Medium vulnerability · 2026-05-12
CWE-400
Medium · CVSS 4.3
EPSS 0.0%2026-05-12
Low vulnerability · 2026-05-12
CWE-284
Low · CVSS 3.1
EPSS 0.0%2026-05-12
Medium vulnerability · 2026-05-12
CWE-400
Medium · CVSS 5.3
EPSS 0.0%2026-05-12
Medium vulnerability · 2026-05-12
CWE-99
Medium · CVSS 6.8
EPSS 0.0%2026-05-12
High vulnerability · 2026-05-12
CWE-235
High · CVSS 7.4
EPSS 0.0%2026-05-12
Low vulnerability · 2026-03-27
CWE-90
Low · CVSS 3.7
EPSS 0.0%2026-03-27
Medium vulnerability · 2026-03-27
CWE-400
Medium · CVSS 5.3
EPSS 0.0%2026-03-27
High vulnerability · 2026-03-27
CWE-400
High · CVSS 7.5
EPSS 0.0%2026-03-27
Medium vulnerability · 2026-03-27
CWE-400
Medium · CVSS 4.3
EPSS 0.0%2026-03-27
High vulnerability · 2026-03-27
CWE-287
High · CVSS 7.4
EPSS 0.0%2026-03-27
Medium vulnerability · 2026-03-27
CWE-294
Medium · CVSS 6.8
EPSS 0.0%2026-03-27
High vulnerability · 2026-03-27
CWE-89
High · CVSS 7.7
EPSS 0.0%2026-03-27

Track new open-xchange CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor open-xchange CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

PDF-XChange289 CVEs IBM Corporation288 CVEs xwiki285 CVEs mayurik275 CVEs microfocus274 CVEs discourse274 CVEs phpmyadmin272 CVEs Splunk272 CVEs

Browse all vendors

Frequently asked questions

Common questions about open-xchange vulnerabilities.

How many CVEs does open-xchange have?

open-xchange has 279 published CVE records since 2006, including 16 in the last two years.

How many open-xchange CVEs are in CISA KEV?

None of open-xchange's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Which open-xchange products have the most CVEs?

The open-xchange products with the most published CVEs are open-xchange appsuite, OX App Suite, appsuite-frontend, OX Dovecot Pro, dovecot.

What are the most common weakness types in open-xchange CVEs?

open-xchange's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-400 (Uncontrolled Resource Consumption), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-918 (Server-Side Request Forgery (SSRF)).

Are there public exploits for open-xchange vulnerabilities?

Yes — 136 of open-xchange's CVEs have a known public exploit.

How many critical open-xchange vulnerabilities are there?

open-xchange has 1 critical and 17 high-severity CVEs.

What is the average severity of open-xchange CVEs?

The average CVSS base score across open-xchange's scored CVEs is 5.8.

References

The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to
CNA directory: the CNAs that assign these CVEs

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track open-xchange vulnerabilities

Monitor new open-xchange vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Most affected products
Common weakness types
Assigning CNAs
Disclosure activity
Latest CVEs
Other vendors
FAQ
References