In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.Referenceshttps://roundcube.net/news/2026/07/05/security-updates-1.6.17-and-1.7.2https://github.com/roundcube/roundcubemail/releases/tag/1.7.2https://github.com/roundcube/roundcubemail/commit/877269c79359d959a94f13c9070cab0f3389c193https://github.com/roundcube/roundcubemail/commit/fb952956c6eaf29e963f1a718d028d66e7957ce0https://github.com/roundcube/roundcubemail/releases/tag/1.6.17https://github.com/roundcube/roundcubemail/commit/a007321346380136b3de2bd75b486b04f63c0d38https://github.com/roundcube/roundcubemail/commit/132ac8dd5a55c8466be12de1daf84355697ffa89