HackTesting
HomeArticlesTagsContact

CVE-2026-62644

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.

References

https://roundcube.net/news/2026/07/05/security-updates-1.6.17-and-1.7.2
https://github.com/roundcube/roundcubemail/releases/tag/1.7.2
https://github.com/roundcube/roundcubemail/commit/7414fef51cd2407d39faab99680763f10ed5231d
https://github.com/roundcube/roundcubemail/commit/9a96c20d8c7c9135876b68bebd6960af3ee60923
https://github.com/roundcube/roundcubemail/releases/tag/1.6.17
https://github.com/roundcube/roundcubemail/commit/83150ce04d689a70f92d511bcae40adba8d55476
https://github.com/roundcube/roundcubemail/commit/5cdc6a48b40beabff7f0bf5d9035f4491e877e4c
Published
Jul 14, 2026 15:55:22 UTC
Updated
Jul 14, 2026 17:15:20 UTC
Reserved
Jul 14, 2026 15:55:22 UTC
  • Home
  • Contact Us
  • Recently Updated CVEs
  • Articles
  • Tags
  • RSS Feed
  • Privacy Policy
© 2026 HackTesting. All rights reserved.