CVE-2020-12641
Roundcube Webmail Remote Code Execution Vulnerability
CVSS
—
No CVSS
EPSS
84.5%
p100
KEV
YES
Jun 22, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
84.5%EPSS · 30 days84.5%
2026-06-302026-07-16
Product
Roundcube / Roundcube Webmail
Vulnerability
Roundcube Webmail Remote Code Execution Vulnerability
Added to KEV
Jun 22, 2023
Remediate by
Jul 13, 2023
Known ransomware use
No
Summary description
Roundcube Webmail contains an remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path.
Required action
Apply updates per vendor instructions.
Notes
https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10; https://nvd.nist.gov/vuln/detail/CVE-2020-12641