Known Vulnerabilities for products from Roundcube
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Roundcube".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-48849 json | Not Provided | 2026-05-25 | 2026-05-26 | |
| CVE-2026-48848 json | Not Provided | 2026-05-25 | 2026-05-26 | |
| CVE-2026-48847 json | Not Provided | 2026-05-25 | 2026-05-26 | |
| CVE-2026-48846 json | Not Provided | 2026-05-25 | 2026-05-26 | |
| CVE-2026-48845 json | Not Provided | 2026-05-25 | 2026-05-26 | |
| CVE-2026-48844 json | Not Provided | 2026-05-25 | 2026-05-26 | |
| CVE-2026-48843 json | Not Provided | 2026-05-25 | 2026-05-26 | |
| CVE-2026-48842 json | Not Provided | 2026-05-25 | 2026-05-26 | |
| CVE-2026-35545 json | An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via ... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35544 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization... | Not Provided | 2026-04-03 | 2026-04-09 |
| CVE-2026-35543 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via ... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35542 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via ... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35541 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin c... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35540 json | An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in H... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35539 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment san... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35538 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead t... | Not Provided | 2026-04-03 | 2026-04-07 |
| CVE-2026-35537 json | An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session h... | Not Provided | 2026-04-03 | 2026-04-13 |
| CVE-2023-47272 json | Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for att... | 6.1 - MEDIUM | 2023-11-06 | 2023-12-05 |
| CVE-2023-43770 json | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted li... | 6.1 - MEDIUM | 2023-09-22 | 2023-09-26 |
| CVE-2023-5631 json | Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a craf... | 5.4 - MEDIUM | 2023-10-18 | 2023-11-17 |
Known software with vulnerabilities from Roundcube
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Roundcube | Roundcube | 0.1 |
| Application | Roundcube | Roundcube Webmail | 1.0.8 |
| Application | Roundcube | Webmail | 0.1 |