CVE-2026-47087
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/07/2026
Last modified:
16/07/2026
Description
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorizer had access continued to work after that access was revoked.
Impact
Base Score 3.x
3.50
Severity 3.x
LOW



