Username Spoofing Vulnerability in Roundcube Webmail
CVE-2026-62644
6.4MEDIUM
What is CVE-2026-62644?
A vulnerability in the password plugin of Roundcube Webmail allows for username spoofing through manipulated session data. This could expose the application to account takeover risks. Users are advised to update to versions 1.6.17 or 1.7.2 to mitigate these risks.
Affected Version(s)
Webmail 1.6.0 < 1.6.17
Webmail 1.7.0 < 1.7.2
