CVE-2026-47087
The CVE affects cyrus-imapd (Cyrus IMAP) up to version 3.12.2, where URLAUTH does not honor revoked authorizer access; a URLAUTH URL minted while access was valid remains usable after revocation. This could enable continued access to previously authorized resources. A fix is available in the 3.12...