CVE-2021-44026
Roundcube Webmail SQL Injection Vulnerability
CVSS
—
No CVSS
EPSS
42.8%
p99
KEV
YES
Jun 22, 2023
Exploit Today
80
0-100
Published: — · Last modified: —
42.8%EPSS · 30 days42.9%
2026-06-302026-07-16
Product
Roundcube / Roundcube Webmail
Vulnerability
Roundcube Webmail SQL Injection Vulnerability
Added to KEV
Jun 22, 2023
Remediate by
Jul 13, 2023
Known ransomware use
No
Summary description
Roundcube Webmail is vulnerable to SQL injection via search or search_params.
Required action
Apply updates per vendor instructions.
Notes
https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released; https://nvd.nist.gov/vuln/detail/CVE-2021-44026