Known Vulnerabilities for products from Roundcube
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Roundcube".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35545 json | An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via ... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35544 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization... | Not Provided | 2026-04-03 | 2026-04-09 |
| CVE-2026-35543 json | | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2026-35542 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via ... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35541 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin c... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35540 json | | Not Provided | 2026-04-03 | 2026-04-03 |
| CVE-2026-35539 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment san... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35538 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead t... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35537 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session h... | Not Provided | 2026-04-03 | 2026-04-13 |
| CVE-2023-47272 json | Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for att... | 6.1 - MEDIUM | 2023-11-06 | 2023-12-05 |
| CVE-2023-43770 json | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted li... | 6.1 - MEDIUM | 2023-09-22 | 2023-09-26 |
| CVE-2023-5631 json | Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a craf... | 5.4 - MEDIUM | 2023-10-18 | 2023-11-17 |
| CVE-2021-46144 json | Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS... | 6.1 - MEDIUM | 2022-01-06 | 2022-04-01 |
| CVE-2021-44026 json | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. | 9.8 - CRITICAL | 2021-11-19 | 2023-11-07 |
| CVE-2021-44025 json | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displayin... | 6.1 - MEDIUM | 2021-11-19 | 2023-11-07 |
| CVE-2021-26925 json | Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | 5.4 - MEDIUM | 2021-02-09 | 2023-11-07 |
| CVE-2020-35730 json | An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker ca... | 6.1 - MEDIUM | 2020-12-28 | 2023-11-07 |
| CVE-2020-18671 json | Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. | 5.4 - MEDIUM | 2021-06-24 | 2022-03-10 |
| CVE-2020-18670 json | Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via database host and user in /installer/test.php. | 5.4 - MEDIUM | 2021-06-24 | 2022-03-10 |
| CVE-2020-16145 json | Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG documen... | 6.1 - MEDIUM | 2020-08-12 | 2023-11-07 |
Known software with vulnerabilities from Roundcube
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Roundcube | Roundcube | 0.1 |
| Application | Roundcube | Roundcube Webmail | 1.0.8 |
| Application | Roundcube | Webmail | 0.1 |