CVE-2026-47083 in Cyrus IMAPinformación

Resumen

por MITRE • 2026-07-16

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could name. Search would return UIDs of messages matching the search, creating a content oracle (without allowing arbitrary reads of the target's content).

Once again VulDB remains the best source for vulnerability data.

Responsable

MITRE

Reservar

2026-05-18

Divulgación

2026-07-16

Moderación

aceptado

Artículo

VDB-379615

CPE

listo

EPSS

0.00000

KEV

no

Actividades

muy bajo

Fuentes

Want to know what is going to be exploited?

We predict KEV entries!