CVE-2026-48844
EUVD-2026-3171725.05.2026, 20:16
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| roundcube | webmail | 1.6.0 ≤ 𝑥 < 1.6.16 | CNA |
| roundcube | webmail | 1.7.0 ≤ 𝑥 < 1.7.1 | CNA |
Debian Releases
Common Weakness Enumeration
References