Denial of Service in Roundcube Webmail Due to Infinite Loop in TNEF Decoder
CVE-2026-62642
4.3MEDIUM
What is CVE-2026-62642?
A vulnerability exists in Roundcube Webmail versions prior to 1.6.17 and 1.7.x versions before 1.7.2, where an infinite loop in the TNEF decoder can be triggered. This issue is encountered when a user opens an email containing a TNEF (Transport Neutral Encapsulation Format) attachment, potentially leading to a denial of service. Users are advised to upgrade to the latest versions to mitigate this risk.
Affected Version(s)
Webmail 1.6.0 < 1.6.17
Webmail 1.7.0 < 1.7.2
