Aleksander Machniak - Security Researcher - Exploit Intelligence Platform

CVE-2026-35537 WRITEUP LOW WRITEUP

Roundcube Webmail <1.5.14 - Deserialization

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data.

CVSS 3.7

View Code

CVE-2026-35538 WRITEUP LOW WRITEUP

Roundcube Webmail < 1.5.14 - CSRF

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.

CVSS 3.1

View Code

CVE-2026-35539 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.5.14 - XSS

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.

CVSS 6.1

View Code

CVE-2026-35540 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.6.14 - Information Disclosure

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts.

CVSS 5.4

View Code

CVE-2026-35541 WRITEUP MEDIUM WRITEUP

Roundcube Webmail <1.5.14 - Auth Bypass

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password.

CVSS 4.2

View Code

CVE-2026-35542 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.5.14 - Information Disclosure

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass.

CVSS 5.3

View Code

CVE-2026-35543 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.5.14 - Information Disclosure

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or access-control bypass.

CVSS 5.3

View Code

CVE-2026-35544 WRITEUP MEDIUM WRITEUP

Roundcube Webmail <1.5.14 - CSS Sanitization Bypass

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important.

CVSS 5.3

View Code

CVE-2026-35545 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.5.15 - Information Disclosure

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.

CVSS 5.3

View Code

CVE-2012-6121 WRITEUP WRITEUP

Roundcube Webmail < 0.8.4 - XSS

Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.8.5 allows remote attackers to inject arbitrary web script or HTML via a (1) data:text or (2) vbscript link.

View Code

CVE-2015-5381 WRITEUP MEDIUM WRITEUP

Roundcube Webmail <1.1.2 - XSS

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

CVSS 6.1

View Code

CVE-2015-5382 WRITEUP MEDIUM WRITEUP

Roundcube Webmail <1.0.6, <1.1.2 - Info Disclosure

program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard.

CVSS 6.5

View Code

CVE-2020-12626 WRITEUP MEDIUM WRITEUP

Roundcube Webmail <1.4.4 - CSRF

An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.

CVSS 6.5

View Code

CVE-2020-13964 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.3.12 - XSS

An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object.

CVSS 6.1

View Code

CVE-2020-15562 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.2.11 - XSS

An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists.

CVSS 6.1

View Code

CVE-2020-16145 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.3.15 - XSS

Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.

CVSS 6.1

View Code

CVE-2021-26925 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.4.11 - XSS

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.

CVSS 5.4

View Code

CVE-2021-46144 WRITEUP MEDIUM WRITEUP

Roundcube <1.4.13, <1.5.2 - XSS

Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences.

CVSS 6.1

View Code

CVE-2023-47272 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.5.6 - XSS

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).

CVSS 6.1

View Code

CVE-2023-5631 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.4.15 - XSS

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.

CVSS 6.1

View Code

CVE-2024-37384 WRITEUP MEDIUM WRITEUP

Roundcube Webmail < 1.5.7 - XSS

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences.

CVSS 6.1

View Code

CVE-2024-37385 WRITEUP CRITICAL WRITEUP

Roundcube Webmail < 1.5.7 - Command Injection

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.

CVSS 9.8

View Code

CVE-2025-68460 WRITEUP HIGH WRITEUP

Roundcube Webmail < 1.5.12 - Information Disclosure

Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.

CVSS 7.2

View Code

CVE-2026-26079 WRITEUP MEDIUM WRITEUP

Roundcube Webmail <1.5.13 & <1.6.13 - XSS

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

CVSS 4.7

View Code