PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-47087 cyrusimap CVE debrief

A low-severity vulnerability was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The issue involves URLAUTH not honoring revoked authorizer access, allowing a URLAUTH URL minted while the authorizer had access to continue working after that access was revoked. This vulnerability could potentially allow unauthorized access to sensitive information if exploited. System administrators and security teams should review the vulnerability details and take necessary actions to mitigate the risk.

Vendor
cyrusimap
Product
Cyrus IMAP
CVSS
LOW 3.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-16
Original CVE updated
2026-07-16
Advisory published
2026-07-16
Advisory updated
2026-07-16

Who should care

System administrators and security teams responsible for Cyrus IMAP installations should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes reviewing and updating Cyrus IMAP installations to ensure they are running version 3.12.3 or later, verifying that URLAUTH access has been properly revoked for all affected users, and monitoring system logs for any suspicious activity related to URLAUTH.

Technical summary

The vulnerability, tracked as CVE-2026-47087, is related to the URLAUTH feature in Cyrus IMAP. Specifically, the issue arises when an authorizer's access is revoked, but previously minted URLAUTH URLs continue to function. This could potentially allow unauthorized access to sensitive information if the vulnerability is exploited. The vulnerability has a CVSS score of 3.5 and is considered low severity.

Defensive priority

Medium priority should be given to addressing this vulnerability, as it could lead to unauthorized access if exploited. However, given the low severity of the vulnerability, it may be possible to address it through normal change control and patch management processes.

Recommended defensive actions

  • Review and update Cyrus IMAP installations to ensure they are running version 3.12.3 or later.
  • Verify that URLAUTH access has been properly revoked for all affected users.
  • Monitor system logs for any suspicious activity related to URLAUTH.
  • Perform a thorough review of system configurations to ensure that URLAUTH is properly configured and secured.
  • Consider implementing additional security measures, such as multi-factor authentication, to reduce the risk of unauthorized access.
  • Conduct regular security audits to identify and address potential vulnerabilities in the system.
  • Develop and implement a incident response plan in case of a potential exploit.

Evidence notes

The CVE record was published on 2026-07-16T19:16:49.383Z and has not been modified since then. The NVD entry is currently in the 'Received' status. This information is based on the provided source corpus and may not reflect the full scope of affected systems or potential impacts. Further verification is recommended to ensure accurate understanding of the vulnerability.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T19:16:49.383Z and has not been modified since then. The NVD entry is currently in the 'Received' status.