Denial of Service Vulnerability in Roundcube Webmail by Roundcube
CVE-2026-62641
4.3MEDIUM
What is CVE-2026-62641?
A denial of service vulnerability exists in Roundcube Webmail due to a flaw in the TNEF decoder. This issue allows attackers to craft a malicious compressed RTF size, potentially overwhelming the service and leading to a degradation of performance or unavailability. Users running affected versions of Roundcube prior to 1.6.17 or in the 1.7.x series prior to 1.7.2 are encouraged to apply security updates to mitigate this risk.
Affected Version(s)
Webmail 1.6.0 < 1.6.17
Webmail 1.7.0 < 1.7.2
