PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-47083 cyrusimap CVE debrief

CVE-2026-47083 is a MEDIUM severity vulnerability in Cyrus IMAP through 3.12.2. An issue was discovered in cyrus-imapd, allowing an authenticated IMAP user to enumerate folder names under any account they could name using the ESEARCH command. This vulnerability has a significant impact on the security of the IMAP service, as it allows for the enumeration of folder names under any account. Users of Cyrus IMAP through 3.12.2 should be aware of this vulnerability and take necessary actions to protect their systems.

Vendor
cyrusimap
Product
Cyrus IMAP
CVSS
MEDIUM 4.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-16
Original CVE updated
2026-07-16
Advisory published
2026-07-16
Advisory updated
2026-07-16

Who should care

Users of Cyrus IMAP through 3.12.2 should be aware of this vulnerability and take necessary actions to protect their systems. This includes applying the patch or upgrading to a fixed version of Cyrus IMAP, restricting access to the IMAP service to trusted users, and monitoring for suspicious activity on the IMAP service. Operators of IMAP services, platform administrators, and security teams should review the vulnerability and take necessary actions to mitigate the risk.

Technical summary

The vulnerability is caused by an ESEARCH cross-user content oracle in cyrus-imapd. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could name. Search would return UIDs of messages matching the search, creating a content oracle without allowing arbitrary reads of the target's content. This vulnerability has a CVSS score of 4.3 and a severity of MEDIUM.

Defensive priority

Medium priority should be given to patching this vulnerability, as it allows for enumeration of folder names under any account.

Recommended defensive actions

  • Apply the patch or upgrade to a fixed version of Cyrus IMAP.
  • Restrict access to the IMAP service to trusted users.
  • Monitor for suspicious activity on the IMAP service.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.

Evidence notes

The CVE record was published on 2026-07-16T19:16:48.850Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The ESEARCH command in cyrus-imapd allows an authenticated IMAP user to enumerate folder names under any account they could name, creating a content oracle without allowing arbitrary reads of the target's content.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T19:16:48.850Z and has not been modified since then.