Unrated severityNVD Advisory· Published Jul 15, 2026
Debian roundcube: In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin o…
CVE-2026-62644
Description
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.
Affected products
2- Range: <1.6.17, <1.7.2
Patches
Vulnerability mechanics
News mentions
0No linked articles in our index yet.