CVE-2026-48842 | Roundcube Webmail up to 1.6.15/1.7.0 preg_replace sql injection

Inserito da Angelo Barbosa | Mag 25, 2026 | CVE

A vulnerability, which was classified as critical, was found in Roundcube Webmail up to 1.6.15/1.7.0. This issue affects the function preg_replace. The manipulation results in sql injection.

This vulnerability is identified as CVE-2026-48842. The attack can be executed remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-48842 | Roundcube Webmail up to 1.6.15/1.7.0 preg_replace sql injection

Post correlati

CVE-2024-30628 | Tenda FH1205 2.0.0.7(775) /goform/addressNat fromAddressNat page stack-based overflow

CVE-2025-7561 | PHPGurukul Online Fire Reporting System 1.2 team-ontheway-requests.php teamid sql injection

CVE-2025-6187 | bSecure Plugin up to 1.7.9 on WordPress REST Endpoint /webhook/v2/order_info/ authorization

CVE-2025-7960 | KingAddons King Addons for Elementor Plugin up to 51.1.39 on WordPress Widget cross site scripting