VYPR

roundcube

by Debian

CVEs (4)

  • CVE-2026-62642Jul 15, 2026
    risk 0.00cvss epss

    In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.

  • CVE-2026-62641Jul 15, 2026
    risk 0.00cvss epss

    In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size.

  • CVE-2026-62644Jul 15, 2026
    risk 0.00cvss epss

    In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.

  • CVE-2026-62643Jul 15, 2026
    risk 0.00cvss epss

    In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. NOTE: this issue exists because of…