CVE-2026-35538 | Roundcube Webmail up to 1.5.13/1.6.13 IMAP SEARCH Command Argument argument injection

Inserito da Angelo Barbosa | Apr 3, 2026 | CVE

A vulnerability classified as critical has been found in Roundcube Webmail up to 1.5.13/1.6.13. This impacts an unknown function of the component IMAP SEARCH Command Argument Handler. The manipulation leads to argument injection.

This vulnerability is uniquely identified as CVE-2026-35538. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-35538 | Roundcube Webmail up to 1.5.13/1.6.13 IMAP SEARCH Command Argument argument injection

Post correlati

CVE-2023-49034 | ProjeQtOr 11.0.2 ack.php thecheckvalidHtmlText cross site scripting

CVE-2024-5670 | Softnext SN OS 10.3/12.1/12.3 Mail SQR Expert/Mail Archiving Expert os command injection

CVE-2024-46890 | Siemens SINEC INS up to 1.0 SP2 Update 2 os command injection (ssa-915275)

CVE-2025-41015 | TCMAN GIM 20250304 /WS/PDAWebService.asmx GetUserQuestionAndAnswer pda:username information disclosure