VYPR
Unrated severityNVD Advisory· Published Jul 15, 2026

Debian roundcube: In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin o…

CVE-2026-62644

Description

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.

Affected products

2

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.