ГлавнаяУязвимости → CVE-2026-48844
7.5высокая

CVE-2026-48844

Описание

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)

CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/roundcube/roundcubemail/commit/6a777d7394b763ce9acfce86c1a521e14a02d862https://github.com/roundcube/roundcubemail/commit/ea1798a6fbf060abcc0ba73b2435036bf8016a5ahttps://github.com/roundcube/roundcubemail/releases/tag/1.6.16https://github.com/roundcube/roundcubemail/releases/tag/1.7.1https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1