CVE-2026-47086
Last modified
CVE-2026-47086 is a low-severity vulnerability rated 3.5/10 on the CVSS scale. An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH token (via the GENURLAUTH command) for any mailbox they could name, even without read access on it. This would allow reading mail from mailboxes despite having no granted permissions.
Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| cyrusimap | Cyrus IMAP | < 3.12.3 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-47086?
How severe is CVE-2026-47086?
How do I fix CVE-2026-47086?
Related CVEs from 2026
- CVE-2026-4708Incorrect boundary conditions in the Graphics component. Thi…7.5
- CVE-2026-47081An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.1
- CVE-2026-47082An issue was discovered in cyrus-imapd in Cyrus IMAP through…5.4
- CVE-2026-47083An issue was discovered in cyrus-imapd in Cyrus IMAP through…4.3
- CVE-2026-47084An issue was discovered in cyrus-imapd in Cyrus IMAP through…6.5
- CVE-2026-47085An issue was discovered in cyrus-imapd in Cyrus IMAP through…4
- CVE-2026-47087An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.5
- CVE-2026-47088An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.1
- CVE-2026-47089An issue was discovered in cyrus-imapd in Cyrus IMAP through…4.3
- CVE-2026-4709Incorrect boundary conditions in the Audio/Video: GMP compon…7.5
- CVE-2026-47090Claude HUD through 0.0.12, patched in commit 234d9aa, constr…4.6
- CVE-2026-47091Claude HUD through 0.0.12, patched in commit 234d9aa, contai…4.8
Are you affected by CVE-2026-47086?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
