Cyrusimap Cyrus Imap

9 CVEs affecting Cyrusimap Cyrus Imap. Latest disclosed: 2026-07-16. Critical: 0, High: 0.

Top CVEs affecting Cyrusimap Cyrus Imap
CVESeverityScorePublishedSummary
CVE-2026-47084Medium6.52026-07-16An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could inv…
CVE-2026-47082Medium5.42026-07-16An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve…
CVE-2026-47089Medium4.32026-07-16An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMA…
CVE-2026-47083Medium4.32026-07-16An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authentica…
CVE-2026-47085Medium4.02026-07-16An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name o…
CVE-2026-47087Low3.52026-07-16An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorize…
CVE-2026-47086Low3.52026-07-16An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH toke…
CVE-2026-47088Low3.12026-07-16An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could cr…
CVE-2026-47081Low3.12026-07-16An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IM…