HIGH · CVE-2026-48844 · Published · Modified · CNA: mitre
CVE-2026-48844: Roundcube Webmail 1
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in the LDAP autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: 1.6.16
- Affected Products: 1
Fix available: 1.6.16, 1.7.1
Affected packages
- Roundcube / Webmail: < 1.6.16 (from 1.6.0) · < 1.7.1 (from 1.7.0)
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H