CVE-2026-47081
Last modified
CVE-2026-47081 is a low-severity vulnerability rated 3.1/10 on the CVSS scale. An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. EPSS estimates a 0.15% chance of exploitation in the next 30 days.
Description
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of arbitrary mailboxes on other users' accounts via the XAPPLEPUSHSERVICE command and then create Apple Push Notification Service notifications for new mail in those mailboxes to their own APNS device. This did not leak any data about the content of mailboxes. Instead, a "mailbox has changed" notice would be pushed when the mailbox modseq changed.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| cyrusimap | Cyrus IMAP | < 3.12.3 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-47081?
How severe is CVE-2026-47081?
How do I fix CVE-2026-47081?
Related CVEs from 2026
- CVE-2026-47073Allocation of Resources Without Limits or Throttling vulnera…7.5
- CVE-2026-47074Improper Certificate Validation vulnerability in ex-aws ex_a…8.7
- CVE-2026-47075Improper Neutralization of CRLF Sequences vulnerability in b…7.5
- CVE-2026-47076Interpretation Conflict vulnerability in benoitc hackney all…6.5
- CVE-2026-47077Allocation of Resources Without Limits or Throttling vulnera…7.5
- CVE-2026-4708Incorrect boundary conditions in the Graphics component. Thi…7.5
- CVE-2026-47082An issue was discovered in cyrus-imapd in Cyrus IMAP through…5.4
- CVE-2026-47083An issue was discovered in cyrus-imapd in Cyrus IMAP through…4.3
- CVE-2026-47084An issue was discovered in cyrus-imapd in Cyrus IMAP through…6.5
- CVE-2026-47085An issue was discovered in cyrus-imapd in Cyrus IMAP through…4
- CVE-2026-47086An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.5
- CVE-2026-47087An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.5
Are you affected by CVE-2026-47081?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
