CVE-2026-62644

CVE-2026-62644CVE-2026-62644

Description

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.

Scoring

CVSS 6.4 ()
VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Last modified2026-07-14
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.