{ "schema_version": "1.7.0", "id": "MGASA-2026-0194", "published": "2026-06-11T01:40:05Z", "modified": "2026-06-11T00:50:17Z", "summary": "Updated roundcubemail packages fix security vulnerabilities", "details": "Multiple security vulnerabilities were discovered in RoundCube Webmail,\nwhich could result in cross-site scripting, SQL injection, SSRF bypass,\ninformation disclosure, denial of service or code injection.\n", "upstream": [ "CVE-2026-48842", "CVE-2026-48843", "CVE-2026-48844", "CVE-2026-48845", "CVE-2026-48846", "CVE-2026-48847", "CVE-2026-48848", "CVE-2026-48849" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2026-0194.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=35599" }, { "type": "WEB", "url": "https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1" }, { "type": "WEB", "url": "https://lists.debian.org/debian-security-announce/2026/msg00212.html" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYFEOBDMYY7JRKWNFYSC7KT2TT2XXNBE/" }, { "type": "WEB", "url": "https://www.openwall.com/lists/oss-security/2026/06/03/17" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "roundcubemail", "purl": "pkg:rpm/mageia/roundcubemail?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "1.6.16-1.mga9" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }