Known Vulnerabilities for Webmail by Roundcube
Listed below are 10 of the newest known vulnerabilities associated with "Webmail" by "Roundcube".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35545 | An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via ... | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2026-35544 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization... | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2026-35543 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via ... | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2026-35542 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via ... | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2026-35541 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin c... | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2026-35540 | An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in H... | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2026-35539 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment san... | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2026-35538 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead t... | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2026-35537 | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session h... | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2026-34834 | Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() funct... | Not Provided | 2026-04-02 | 2026-04-02 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Roundcube | Webmail | 1.4.9 | All | All | All |
| Application | Roundcube | Webmail | 1.4.8 | All | All | All |
| Application | Roundcube | Webmail | 1.4.7 | All | All | All |
| Application | Roundcube | Webmail | 1.4.6 | All | All | All |
| Application | Roundcube | Webmail | 1.4.5 | All | All | All |
| Application | Roundcube | Webmail | 1.4.4 | All | All | All |
| Application | Roundcube | Webmail | 1.4.3 | All | All | All |
| Application | Roundcube | Webmail | 1.4.2 | All | All | All |
| Application | Roundcube | Webmail | 1.4.10 | All | All | All |
| Application | Roundcube | Webmail | 1.4.1 | All | All | All |
| Application | Roundcube | Webmail | 1.4.0 | All | All | All |
| Application | Roundcube | Webmail | 1.4 | beta | All | All |
| Application | Roundcube | Webmail | 1.4 | rc1 | All | All |
| Application | Roundcube | Webmail | 1.3.9 | All | All | All |
| Application | Roundcube | Webmail | 1.3.8 | All | All | All |
| Application | Roundcube | Webmail | 1.3.7 | All | All | All |
| Application | Roundcube | Webmail | 1.3.6 | All | All | All |
| Application | Roundcube | Webmail | 1.3.5 | All | All | All |
| Application | Roundcube | Webmail | 1.3.4 | All | All | All |
| Application | Roundcube | Webmail | 1.3.3 | All | All | All |