Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-47084

MEDIUM NVD
CVSS Score 6.5
Severity MEDIUM
Published Jul 16, 2026
Vendor unknown

Description

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could invoke the admin-only LOCALDELETE IMAP command and delete mailboxes for which they had no permissions.

References