Back to CVE List

CVE-2026-62644

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.4 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

Vulnerability Description

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-290
Source
NVD
Vendor
Roundcube
Product
Webmail

External References

Discussion (0)

Add Comment

No comments yet. Be the first!