CVE-2026-47083: CWE-204 Observable Response Discrepancy in cyrusimap Cyrus IMAP
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could name. Search would return UIDs of messages matching the search, creating a content oracle (without allowing arbitrary reads of the target's content).
AI Analysis
Technical Summary
This vulnerability in cyrus-imapd (Cyrus IMAP) up to version 3.12.2 involves an ESEARCH cross-user content oracle. An authenticated user can leverage the ESEARCH command to enumerate folder names of any account by naming it, and receive UIDs of messages matching the search criteria. While this does not allow direct reading of message contents, it leaks information about folder existence and message presence, constituting an observable response discrepancy (CWE-204).
Potential Impact
The vulnerability allows information disclosure about folder names and message UIDs across user accounts. This could aid an attacker in gathering metadata about other users' mailboxes, potentially facilitating further targeted attacks or privacy breaches. However, it does not allow reading the actual content of messages or modification of data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround is currently documented. Until a fix is available, limit authenticated user privileges where possible and monitor for unusual IMAP ESEARCH command usage.
CVE-2026-47083: CWE-204 Observable Response Discrepancy in cyrusimap Cyrus IMAP
Description
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could name. Search would return UIDs of messages matching the search, creating a content oracle (without allowing arbitrary reads of the target's content).
CVSS v3.1
Score 4.3medium
Affected software
pkg:github/cyrusimap/cyrus-imapdRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability in cyrus-imapd (Cyrus IMAP) up to version 3.12.2 involves an ESEARCH cross-user content oracle. An authenticated user can leverage the ESEARCH command to enumerate folder names of any account by naming it, and receive UIDs of messages matching the search criteria. While this does not allow direct reading of message contents, it leaks information about folder existence and message presence, constituting an observable response discrepancy (CWE-204).
Potential Impact
The vulnerability allows information disclosure about folder names and message UIDs across user accounts. This could aid an attacker in gathering metadata about other users' mailboxes, potentially facilitating further targeted attacks or privacy breaches. However, it does not allow reading the actual content of messages or modification of data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or temporary workaround is currently documented. Until a fix is available, limit authenticated user privileges where possible and monitor for unusual IMAP ESEARCH command usage.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2026-05-18T00:00:00.000Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a59276968715ace438892b3
Added to database: 07/16/2026, 18:48:09 UTC
Last enriched: 07/16/2026, 19:04:11 UTC
Last updated: 07/16/2026, 19:18:27 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.