CVE-2026-47084
CVE-2026-47084 affects Cyrus IMAPD up to version 3.12.2. The LOCALDELETE command bypassed ACL checks, allowing an authenticated but non-admin user to invoke an admin-only LOCALDELETE IMAP command and delete mailboxes for which they had no permissions. The CVSS metrics indicate a base score of 6.5...