CVE-2021-44026 - Roundcube Webmail SQL Injection Vulnerability

Vulnerability Name

Roundcube Webmail SQL Injection Vulnerability

Description

Roundcube Webmail is vulnerable to SQL injection via search or search_params.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released

https://nvd.nist.gov/vuln/detail/CVE-2021-44026

Related News Articles

Russian hackers breach orgs to track aid routes to UkraineMay 22, 2025

Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid LogisticsMay 22, 2025

Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail ServersMay 15, 2025

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)August 7, 2024