CVE-2026-35538 in Webmailinfo

Summary

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsible

MITRE

Reservation

04/03/2026

Disclosure

04/03/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
355068	Roundcube Webmail IMAP SEARCH Command Argument argument injection	88	Not defined	Official fix	CVE-2026-35538

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

MITRE
NVD
CVE Details

◂ PreviousOverviewNext ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!