CVE-2026-48849 | Roundcube Webmail up to 1.6.15/1.7.0 cross site scripting

A vulnerability classified as problematic has been found in Roundcube Webmail up to 1.6.15/1.7.0. This issue affects some unknown processing. The manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-48849. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More