CVE-2026-35538_CVE-2026-35538

3.1 / 10

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.

Basic Information

ID CVE-2026-35538

Source mitre

Published Apr 3, 2026 at 03:35

Modified Apr 3, 2026 at 13:11

Affected Product

Vendor Roundcube

Product Webmail

Affected Versions Roundcube Webmail 0
Roundcube Webmail 1.6.0

CWE Classification

CWE-88

References

{
    "lastseen": "",
    "description": "An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.",
    "published": "2026-04-03T03:35:36.925Z",
    "modified": "2026-04-03T13:11:22.365Z",
    "type": "cve",
    "title": "CVE-2026-35538",
    "source": "mitre",
    "references": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14\nhttps://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5\nhttps://github.com/roundcube/roundcubemail/commit/5fe8a69956a9683a4269f3ad2a68e18deebf8a15\nhttps://github.com/roundcube/roundcubemail/releases/tag/1.6.14\nhttps://github.com/roundcube/roundcubemail/commit/b18a8fa8e81571914c0ff55d4e20edb459c6952c\nhttps://github.com/roundcube/roundcubemail/releases/tag/1.5.14\nhttps://github.com/roundcube/roundcubemail/commit/7daf5aa9c190ccc75bb31672d8fee9938877fd64",
    "id": "CVE-2026-35538",
    "bulletinFamily": "",
    "cwe": [
        "CWE-88"
    ],
    "cvelist": null,
    "sourceData": "Roundcube Webmail 0\nRoundcube Webmail 1.6.0",
    "sourceHref": "",
    "cvss": {
        "score": 3.1,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Webmail",
    "version": "0",
    "vendor": "Roundcube",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}