CVE-2026-47089
CVE-2026-47089 affects Cyrus IMAPD up to version 3.12.2. The LISTRIGHTS function is not restricted to admins, allowing any authenticated user to call LISTRIGHTS on a mailbox they name and discover which principals have what access. This is a data-exposure/privacy issue tied to insufficient access...