CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Roundcube security advisory (AV26-657)

unknown
Serial number: AV26-657 Date: July 6, 2026 On July 5, 2026, Roundcube published security advisories to address vulnerabilities in the following product: Roundcube Webmail – versions prior to 1.6.17 Roundcube Webmail – versions prior to 1.7.2 The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates. Security updates 1.6.17 and 1.7.2 released Roundcube Webmail 1.6.17 Roundcube Webmail 1.7.2 Roundcube Open Source Webmail Software

CSIRTS triage

vendor: Roundcubeproduct: Roundcube Webmailaffected: prior to 1.6.17, prior to 1.7.2
What
Roundcube Webmail has vulnerabilities that need to be addressed.
Who is affected
Users and administrators of Roundcube Webmail versions prior to 1.6.17 and 1.7.2.
Urgency
Remediation is necessary to ensure security, although the severity is unknown.
Action
Users should update to Roundcube Webmail versions 1.6.17 or 1.7.2.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Roundcube Webmail

Get an email when a new Roundcube Webmail advisory drops — max one per day, one-click unsubscribe.

Details

Source
Canadian Centre for Cyber Security (CA · national-cert · site)
Severity
unknown
Published
2026-07-06
Exploitation
Not in CISA KEV at last sync

Original advisory: https://cyber.gc.ca/en/alerts-advisories/roundcube-security-advisory-av26-657

More from Canadian Centre for Cyber Security