CVE-2026-48844
CVE-2026-48844
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Roundcube · WebmailQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://github.com/roundcube/roundcubemail/commit/6a777d7394b763ce9acfce86c1a521e14a02d862https://github.com/roundcube/roundcubemail/commit/ea1798a6fbf060abcc0ba73b2435036bf8016a5ahttps://github.com/roundcube/roundcubemail/releases/tag/1.6.16https://github.com/roundcube/roundcubemail/releases/tag/1.7.1https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1