Threats Tagged 'cve-2026-47085'
View all threats tagged with 'cve-2026-47085'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-47085'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-47085: CWE-340 Generation of Predictable Numbers or Identifiers in cyrusimap Cyrus IMAPCVE-2026-47085 0 An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name on the victim's account for which the victim had never issued an auth URL, they could forge a working URLAUTH token by computing an HMAC-SHA1 value with a predictable key, giving them read access to the mailbox. (URLAUTH is an obscure feature, meaning that the odds of any user actually being susceptible to this attack are very low. Perhaps no public clients use URLAUTH.) Join the discussion | CVE Database V5 | 07/16/2026, 00:00:00 UTC Added: 07/16/2026, 18:48:09 UTC |
Showing 1 to 1 of 1 result