Critical Roundcube Webmail Security Updates Fix Severe Flaws
ID: f76a327e-c4ab-526e-a2f1-5a89a5a5691c
STIX ID: report--f76a327e-c4ab-526e-a2f1-5a89a5a5691c
Feed Name: securityonline.info
Threat Score
Roundcube Webmail issued urgent security updates for versions 1.6.16 and 1.7.1 that remediate multiple high-severity flaws — notably a pre-authentication SQL injection (CVE-2026-48842, CVSS 8.1), a code-evaluation/code-injection issue (CVE-2026-48844, CVSS 7.5), several XSS and sanitizer/CSS bypasses, session-poisoning enabling pre-auth file deletions, and SSRF bypasses — and recommends immediate patching to prevent remote exploitation.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.