PatchSiren cyber security CVE debrief
CVE-2026-47087 cyrusimap CVE debrief
A low-severity vulnerability was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The issue involves URLAUTH not honoring revoked authorizer access, allowing a URLAUTH URL minted while the authorizer had access to continue working after that access was revoked. This vulnerability could potentially allow unauthorized access to sensitive information if exploited. System administrators and security teams should review the vulnerability details and take necessary actions to mitigate the risk.
- Vendor
- cyrusimap
- Product
- Cyrus IMAP
- CVSS
- LOW 3.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
System administrators and security teams responsible for Cyrus IMAP installations should be aware of this vulnerability and take necessary actions to mitigate the risk. This includes reviewing and updating Cyrus IMAP installations to ensure they are running version 3.12.3 or later, verifying that URLAUTH access has been properly revoked for all affected users, and monitoring system logs for any suspicious activity related to URLAUTH.
Technical summary
The vulnerability, tracked as CVE-2026-47087, is related to the URLAUTH feature in Cyrus IMAP. Specifically, the issue arises when an authorizer's access is revoked, but previously minted URLAUTH URLs continue to function. This could potentially allow unauthorized access to sensitive information if the vulnerability is exploited. The vulnerability has a CVSS score of 3.5 and is considered low severity.
Defensive priority
Medium priority should be given to addressing this vulnerability, as it could lead to unauthorized access if exploited. However, given the low severity of the vulnerability, it may be possible to address it through normal change control and patch management processes.
Recommended defensive actions
- Review and update Cyrus IMAP installations to ensure they are running version 3.12.3 or later.
- Verify that URLAUTH access has been properly revoked for all affected users.
- Monitor system logs for any suspicious activity related to URLAUTH.
- Perform a thorough review of system configurations to ensure that URLAUTH is properly configured and secured.
- Consider implementing additional security measures, such as multi-factor authentication, to reduce the risk of unauthorized access.
- Conduct regular security audits to identify and address potential vulnerabilities in the system.
- Develop and implement a incident response plan in case of a potential exploit.
Evidence notes
The CVE record was published on 2026-07-16T19:16:49.383Z and has not been modified since then. The NVD entry is currently in the 'Received' status. This information is based on the provided source corpus and may not reflect the full scope of affected systems or potential impacts. Further verification is recommended to ensure accurate understanding of the vulnerability.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T19:16:49.383Z and has not been modified since then. The NVD entry is currently in the 'Received' status.