Cyrusimap Cyrus Imap
9 CVEs affecting Cyrusimap Cyrus Imap. Latest disclosed: 2026-07-16. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-47084 | Medium | 6.5 | 2026-07-16 | An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could inv… |
CVE-2026-47082 | Medium | 5.4 | 2026-07-16 | An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve… |
CVE-2026-47089 | Medium | 4.3 | 2026-07-16 | An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMA… |
CVE-2026-47083 | Medium | 4.3 | 2026-07-16 | An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authentica… |
CVE-2026-47085 | Medium | 4.0 | 2026-07-16 | An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name o… |
CVE-2026-47087 | Low | 3.5 | 2026-07-16 | An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorize… |
CVE-2026-47086 | Low | 3.5 | 2026-07-16 | An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH toke… |
CVE-2026-47088 | Low | 3.1 | 2026-07-16 | An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could cr… |
CVE-2026-47081 | Low | 3.1 | 2026-07-16 | An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IM… |