CVE-2026-47083
Last modified
CVE-2026-47083 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. EPSS estimates a 0.18% chance of exploitation in the next 30 days.
Description
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could name. Search would return UIDs of messages matching the search, creating a content oracle (without allowing arbitrary reads of the target's content).
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| cyrusimap | Cyrus IMAP | < 3.12.3 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-47083?
How severe is CVE-2026-47083?
How do I fix CVE-2026-47083?
Related CVEs from 2026
- CVE-2026-47075Improper Neutralization of CRLF Sequences vulnerability in b…7.5
- CVE-2026-47076Interpretation Conflict vulnerability in benoitc hackney all…6.5
- CVE-2026-47077Allocation of Resources Without Limits or Throttling vulnera…7.5
- CVE-2026-4708Incorrect boundary conditions in the Graphics component. Thi…7.5
- CVE-2026-47081An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.1
- CVE-2026-47082An issue was discovered in cyrus-imapd in Cyrus IMAP through…5.4
- CVE-2026-47084An issue was discovered in cyrus-imapd in Cyrus IMAP through…6.5
- CVE-2026-47085An issue was discovered in cyrus-imapd in Cyrus IMAP through…4
- CVE-2026-47086An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.5
- CVE-2026-47087An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.5
- CVE-2026-47088An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.1
- CVE-2026-47089An issue was discovered in cyrus-imapd in Cyrus IMAP through…4.3
Are you affected by CVE-2026-47083?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
