A vulnerability, which was classified as critical , was found in Alinto SOGo up to 5.12.6 . Affected by this vulnerability is an unknown functionality. The manipulation of the argument c_password results in sql injection. This vulnerability is reported as CVE-2026-46446 . The attack can be launched remotely. No exploit exists. You should upgrade the affected component.