CVE-2026-35538

CVSS v3.1

3.1

Low

AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.

Fix

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

CVE-2026-35538

Affected Products

Webmail

CVE-2026-35538

Weakness Enumeration

Related Identifiers

Affected Products

References · 8