CVE-2021-44026 - Roundcube Webmail SQL Injection Vulnerability
Project:Roundcube
Product:Roundcube Webmail
Date Added:2023-06-22Due Date:2023-07-13
Vulnerability Name
Roundcube Webmail SQL Injection Vulnerability
Description
Roundcube Webmail is vulnerable to SQL injection via search or search_params.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released
https://nvd.nist.gov/vuln/detail/CVE-2021-44026
Related News Articles
Russia-Linked APT28 Exploited MDaemon Zero-Day to Hack Government Webmail ServersMay 15, 2025
Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)August 7, 2024