CVE-2026-47084 in Cyrus IMAPinformación

Resumen

por MITRE • 2026-07-16

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could invoke the admin-only LOCALDELETE IMAP command and delete mailboxes for which they had no permissions.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Responsable

MITRE

Reservar

2026-05-18

Divulgación

2026-07-16

Moderación

aceptado

Artículo

VDB-379621

CPE

listo

EPSS

0.00000

KEV

no

Actividades

bajo

Fuentes

Interested in the pricing of exploits?

See the underground prices here!