CVE-2026-47082
CVE-2026-47082 affects Cyrus IMAP (cyrus-imapd) up to version 3.12.2. The vacation Sieve option :fcc ignores destination mailbox ACLs, allowing a user’s vacation auto-replies to be delivered to any mailbox named by the script, even if the user lacks insert permissions on that mailbox. The issue i...