Roundcube security advisory (AV26-657)
Serial number: AV26-657 Date: July 6, 2026 On July 5, 2026, Roundcube published security advisories to address vulnerabilities in the following product: Roundcube Webmail – versions prior to 1.6.17 Roundcube Webmail – versions prior to 1.7.2 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Security updates 1.6.17 and 1.7.2 released Roundcube Webmail 1.6.17 Roundcube Webmail 1.7.2 Roundcube Open Source Webmail Software
CSIRTS triage
- What
- Roundcube Webmail has vulnerabilities that need to be addressed.
- Who is affected
- Users and administrators of Roundcube Webmail versions prior to 1.6.17 and 1.7.2.
- Urgency
- Remediation is necessary to ensure security, although the severity is unknown.
- Action
- Users should update to Roundcube Webmail versions 1.6.17 or 1.7.2.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Roundcube Webmail
Get an email when a new Roundcube Webmail advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://cyber.gc.ca/en/alerts-advisories/roundcube-security-advisory-av26-657
More from Canadian Centre for Cyber Security
- unknownBitWarden security advisory (AV26-683)2026-07-10
- criticalAL25-007 - Vulnerability impacting Roundcube Webmail – CVE-2025-49113 – Update 12026-07-10
- unknownMicrosoft Edge security advisory (AV26-682)2026-07-10
- criticalBroadcom VMware security advisory (AV26-681)2026-07-10
- unknownDjango security advisory (AV26-084) – Update 12026-07-09