Updated roundcubemail packages fix security vulnerabilities
Publication date: 11 Jun 2026Modification date: 11 Jun 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2026-48842 , CVE-2026-48843 , CVE-2026-48844 , CVE-2026-48845 , CVE-2026-48846 , CVE-2026-48847 , CVE-2026-48848 , CVE-2026-48849
Description
Multiple security vulnerabilities were discovered in RoundCube Webmail,
which could result in cross-site scripting, SQL injection, SSRF bypass,
information disclosure, denial of service or code injection.
References
- https://bugs.mageia.org/show_bug.cgi?id=35599
- https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
- https://lists.debian.org/debian-security-announce/2026/msg00212.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYFEOBDMYY7JRKWNFYSC7KT2TT2XXNBE/
- https://www.openwall.com/lists/oss-security/2026/06/03/17
- https://www.cve.org/CVERecord?id=CVE-2026-48842
- https://www.cve.org/CVERecord?id=CVE-2026-48843
- https://www.cve.org/CVERecord?id=CVE-2026-48844
- https://www.cve.org/CVERecord?id=CVE-2026-48845
- https://www.cve.org/CVERecord?id=CVE-2026-48846
- https://www.cve.org/CVERecord?id=CVE-2026-48847
- https://www.cve.org/CVERecord?id=CVE-2026-48848
- https://www.cve.org/CVERecord?id=CVE-2026-48849
SRPMS
9/core
- roundcubemail-1.6.16-1.mga9