2 matches found
EUVD-2026-45004
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of arbitrary mailboxes on other users' accounts via the XAPPLEPUSHSERVICE command and then create...
CVE-2026-47081
Cyrus IMAP (cyrus-imapd) up to version 3.12.2 is affected by a XAPPLEPUSHSERVICE folder existence oracle that lets an authenticated IMAP user probe for the existence of arbitrary mailboxes on other users and push notifications for new mail to their own APNS device. This does not expose mailbox co...