2 matches found
EUVD-2026-45007
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could invoke the admin-only LOCALDELETE IMAP command and delete mailboxes for which they had no permissions...
CVE-2026-47084
CVE-2026-47084 affects Cyrus IMAPD up to version 3.12.2. The LOCALDELETE command bypassed ACL checks, allowing an authenticated but non-admin user to invoke an admin-only LOCALDELETE IMAP command and delete mailboxes for which they had no permissions. The CVSS metrics indicate a base score of 6.5...