CVE-2026-47089
Last modified
CVE-2026-47089 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMAP LISTRIGHTS against any mailbox they could name and learn what principals had what access to it. (This action should have been restricted to users with admin access on the target mailbox.)
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| cyrusimap | Cyrus IMAP | < 3.12.3 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-47089?
How severe is CVE-2026-47089?
How do I fix CVE-2026-47089?
Related CVEs from 2026
- CVE-2026-47083An issue was discovered in cyrus-imapd in Cyrus IMAP through…4.3
- CVE-2026-47084An issue was discovered in cyrus-imapd in Cyrus IMAP through…6.5
- CVE-2026-47085An issue was discovered in cyrus-imapd in Cyrus IMAP through…4
- CVE-2026-47086An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.5
- CVE-2026-47087An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.5
- CVE-2026-47088An issue was discovered in cyrus-imapd in Cyrus IMAP through…3.1
- CVE-2026-4709Incorrect boundary conditions in the Audio/Video: GMP compon…7.5
- CVE-2026-47090Claude HUD through 0.0.12, patched in commit 234d9aa, constr…4.6
- CVE-2026-47091Claude HUD through 0.0.12, patched in commit 234d9aa, contai…4.8
- CVE-2026-47092Claude HUD through 0.0.12, patched in commit 234d9aa, contai…7.8
- CVE-2026-47093Rejected reason: This CVE ID has been rejected or withdrawn …
- CVE-2026-47099TeleJSON prior to 6.0.0 contains a DOM-based cross-site scri…6.1
Are you affected by CVE-2026-47089?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
