Roundcube Webmail instances open to malicious-code attacks

In current versions, the developers of Roundcube Webmail have closed several security vulnerabilities.

The open-source webmail software Roundcube Webmail is vulnerable: attackers can exploit a total of eight vulnerabilities. In the worst case, malicious code could compromise systems. Security updates are available for download.

In a post, the developers state that the vulnerabilities have been closed in Roundcube Webmail 1.6.16 and 1.7.1. Four of the vulnerabilities are rated "high" (CVE-2026-48842, CVE-2026-48843, CVE-2026-48848, CVE-2026-48844).

If administrators do not install the security patches, attackers can, among other things, use SQL injection and stored XSS attacks to push malicious code onto computers and execute it. So far, there are no indications that attackers are already exploiting the vulnerabilities.

Most recently, the developers released a security update for the webmail software in March of this year.

(des)

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.