Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

webmail — Vulnerabilities & Security Advisories 33

All 33 CVE vulnerabilities found in webmail, with AI-generated Chinese analysis, references, and POCs.

This page aggregates vulnerability data for the Webmail product, covering various weakness types and security tags identified by independent vendors. The content includes a comprehensive collection of disclosed security flaws, configuration errors, and implementation defects affecting web-based email clients and servers. These entries span a historical time range, capturing both recent findings and legacy issues that have been reported to the community or tracked by security researchers over the past several years. By browsing this resource, you can efficiently track a vendor's advisories to stay informed about the latest patches and mitigation strategies. You can also understand a specific weakness class by seeing how it manifests differently across various webmail implementations and deployment scenarios. Additionally, the page allows you to look up a product's vulnerability history to identify patterns in security stability, assess the impact of past incidents, and evaluate the effectiveness of previous remediation efforts. This structured approach provides a clear view of the threat landscape specific to webmail technologies, helping administrators and developers prioritize their security testing and update cycles. The data is organized to facilitate easy comparison between different products and vendors, ensuring that stakeholders have access to actionable intelligence. This resource serves as a central reference point for anyone responsible for maintaining the security posture of email infrastructure, offering a detailed look at the ongoing challenges in protecting webmail services from exploitation.

Vendor: Roundcube

CVE IDTitleCVSSSeverityPublished
CVE-2026-54432 Roundcube webmail 跨站脚本漏洞 CWE-79 4.7 Medium2026-07-14
CVE-2026-54433 Roundcube webmail 跨站脚本漏洞 CWE-79 7.2 High2026-07-14
CVE-2026-62644 Roundcube webmail 授权问题漏洞 CWE-290 6.4 Medium2026-07-14
CVE-2026-62643 Roundcube webmail 服务端请求伪造漏洞 CWE-918 7.2 High2026-07-14
CVE-2026-62642 Roundcube webmail 资源管理错误漏洞 CWE-835 4.3 Medium2026-07-14
CVE-2026-62641 Roundcube webmail 资源管理错误漏洞 CWE-770 4.3 Medium2026-07-14
CVE-2026-48849 Roundcube Webmail 跨站脚本漏洞 CWE-79 4.4 Medium2026-05-25
CVE-2026-48848 Roundcube Webmail 跨站脚本漏洞 CWE-79 7.2 High2026-05-25
CVE-2026-48847 Roundcube Webmail 安全漏洞 CWE-669 3.7 Low2026-05-25
CVE-2026-48846 Roundcube Webmail 安全漏洞 CWE-669 6.5 Medium2026-05-25
CVE-2026-48845 Roundcube Webmail 安全漏洞 CWE-669 6.5 Medium2026-05-25
CVE-2026-48844 Roundcube Webmail 安全漏洞 CWE-670 7.5 High2026-05-25
CVE-2026-48843 Roundcube Webmail 代码问题漏洞 CWE-918 7.2 High2026-05-25
CVE-2026-48842 Roundcube Webmail SQL注入漏洞 CWE-89 8.1 High2026-05-25
CVE-2026-35391 Bulwark Webmail getClientIP() trusted client-controlled X-Forwarded-For value, enabling rate limit bypass and audit log forgery CWE-348 9.1AICriticalAI2026-04-06
CVE-2026-35390 Content-Security-Policy was set to Report-Only mode, failing to block XSS attacks CWE-79 5.4AIMediumAI2026-04-06
CVE-2026-35389 Bulwark Webmail S/MIME signature verification accepted self-signed certificates CWE-295 5.3AIMediumAI2026-04-06
CVE-2026-35545 Roundcube Webmail 安全漏洞 CWE-669 5.3 Medium2026-04-03
CVE-2026-35544 Roundcube Webmail 安全漏洞 CWE-669 5.3 Medium2026-04-03
CVE-2026-35543 Roundcube Webmail 安全漏洞 CWE-669 5.3 Medium2026-04-03
CVE-2026-35542 Roundcube Webmail 安全漏洞 CWE-669 5.3 Medium2026-04-03
CVE-2026-35541 Roundcube Webmail 安全漏洞 CWE-843 4.2 Medium2026-04-03
CVE-2026-35540 Roundcube Webmail 安全漏洞 CWE-669 5.4 Medium2026-04-03
CVE-2026-35539 Roundcube Webmail 跨站脚本漏洞 CWE-79 6.1 Medium2026-04-03
CVE-2026-35538 Roundcube Webmail 参数注入漏洞 CWE-88 3.1 Low2026-04-03
CVE-2026-35537 Roundcube Webmail 代码问题漏洞 CWE-502 3.7 Low2026-04-03
CVE-2026-34834 Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation CWE-287 8.2AIHighAI2026-04-02
CVE-2026-34833 Bulwark Webmail: Information Exposure: password returned in /api/auth/session CWE-312 7.5AIHighAI2026-04-02
CVE-2026-26079 Roundcube Webmail 安全漏洞 CWE-829 4.7 Medium2026-02-11
CVE-2026-25916 Roundcube Webmail 安全漏洞 CWE-420 4.3 Medium2026-02-09

All 33 known CVE vulnerabilities affecting webmail with full Chinese analysis, references, and POCs where available.