CVE-2026-35538

Published April 3rd, 2026

View on NVD ↗

CVSS v3

3.1

LOW

CVSS v2

N/A

Affected

PROJECT

Description

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.

roundcube/roundcubemail

The Roundcube Webmail suite

GitHub