CVE-2026-47089
Received Received - Intake

LISTRIGHTS Privilege Escalation in Cyrus IMAP

Vulnerability report for CVE-2026-47089, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: MITRE

Description

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMAP LISTRIGHTS against any mailbox they could name and learn what principals had what access to it. (This action should have been restricted to users with admin access on the target mailbox.)

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-16
AI Q&A
2026-07-16
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
cyrus_imapd cyrus_imapd 3.12.2

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Cyrus IMAP through 3.12.2 allows authenticated users to call the IMAP LISTRIGHTS command against any mailbox they can name, revealing which principals have what access permissions. This should be restricted to admin users only.

Detection Guidance

To detect this vulnerability, check Cyrus IMAP logs for IMAP LISTRIGHTS commands executed by non-admin users. Look for any user attempting to query access rights on mailboxes they do not own. Verify if the LISTRIGHTS command returns access details for mailboxes without proper authorization.

Impact Analysis

An attacker with valid credentials could exploit this to gather sensitive information about mailbox access permissions, potentially aiding further attacks or unauthorized access to user data.

Compliance Impact

This vulnerability could lead to unauthorized access to personal data, violating confidentiality requirements in GDPR and HIPAA. It undermines data protection controls and may result in compliance violations.

Mitigation Strategies

Upgrade cyrus-imapd to version 3.12.3 or later to address the issue. Apply any available patches from the vendor. Review and restrict IMAP LISTRIGHTS command access to admin users only. Monitor logs for unauthorized access attempts and enforce strict access controls on mailbox permissions.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-47089. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart