roundcube roundcubemail Vulnerabilities: CVEs, CISA KEV & Security Advisories

This page aggregates every publicly disclosed vulnerability (CVE) affecting roundcube roundcubemail, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.

Affected versions and CVEs

Browse every roundcube roundcubemail version named in a CVE, then pick one to see only the CVEs that affect it.

Specific versions

1.1.018 CVEs
1.1-beta17 CVEs
1.1-rc17 CVEs
1.2-beta17 CVEs
v0.1-beta217 CVEs
v1.0-beta17 CVEs
1.2-rc16 CVEs
1.6.015 CVEs
1.6.115 CVEs
1.6.215 CVEs
1.4.014 CVEs
1.4.114 CVEs
1.4.214 CVEs
1.4.314 CVEs
1.6.314 CVEs
1.6.413 CVEs
1.3-beta12 CVEs
1.6.512 CVEs
1.6.612 CVEs
1.3.010 CVEs
1.3.110 CVEs
1.3.210 CVEs
1.4.410 CVEs
1.3.39 CVEs
1.3.49 CVEs
1.6.79 CVEs
1.3.58 CVEs
1.3.68 CVEs
1.3.77 CVEs
1.1.16 CVEs
1.1.26 CVEs
1.1.36 CVEs
1.1.46 CVEs
1.2.06 CVEs
1.3-rc6 CVEs
1.3.86 CVEs
1.3.96 CVEs
1.4-beta6 CVEs
1.4-rc16 CVEs
1.4-rc26 CVEs
1.4.56 CVEs
1.4.66 CVEs
1.6.86 CVEs
1.2.15 CVEs
1.2.25 CVEs
1.2.35 CVEs
1.4.75 CVEs
1.6.105 CVEs
1.6.95 CVEs
1.1.54 CVEs
1.1.64 CVEs
1.2.44 CVEs
1.3.104 CVEs
1.4.84 CVEs
1.4.94 CVEs
1.5.04 CVEs
1.5.14 CVEs
1.6.114 CVEs
1.1.73 CVEs
1.2.53 CVEs
1.2.63 CVEs
1.4.103 CVEs
1.5.23 CVEs
1.5.33 CVEs
1.1.82 CVEs
1.2.72 CVEs
1.2.82 CVEs
1.2.92 CVEs
1.3.112 CVEs
1.3.122 CVEs
1.3.132 CVEs
1.4.112 CVEs
1.5.42 CVEs
1.6.122 CVEs
1.0.01 CVE
1.0.11 CVE
1.0.21 CVE
1.0.31 CVE
1.0.41 CVE
1.0.51 CVE
1.0.61 CVE
1.0.71 CVE
1.0.81 CVE
1.1.91 CVE
1.3.141 CVE
1.3.151 CVE
1.5-beta1 CVE
1.5-rc1 CVE
1.5.51 CVE
1.6-beta1 CVE
1.6-rc1 CVE
v1.0-rc1 CVE

Fixed in

aadb13e25f73d783f731a99f9b9c2ea43bb10c794 CVEs
43aaaa528646877789ec028d87924ba1accf52423 CVEs
44ed0d6fb0cefe30c9c7892c61c34a21a7213c563 CVEs
545365ccf7fb87d23015b92a3d96dde58f5ce9843 CVEs
ed988390312e0ad16843dbd1eb7a1e82241545d23 CVEs
08de250fba731b634bed188bbe18d2f6ef3c75712 CVEs
1a7b603875bb397ebd2b2e69d5be0b59473f06f42 CVEs
25bc871ee79a6d469822d999b09c9b5d73fccf1f2 CVEs
3cb52d6db1ffd314f8e2a68629be4c9ba859a90b2 CVEs
53d75d5dfebef235a344d476b900c20c12d52b012 CVEs
786fb18c437ae1211be4d4ad0573a62c1a48b768

Find a version

43 CVEs

Sort

Medium vulnerability · 2026-02-11
CVE-2026-26079
Patch
CWE-829
Medium · CVSS 4.7
EPSS 0.1% (25th pct)2026-02-11
Medium vulnerability · 2026-02-09
CVE-2026-25916
Patch
CWE-420
Medium · CVSS 4.3
EPSS 0.0% (12th pct)2026-02-09
Medium vulnerability · 2025-12-18
CVE-2025-68461
CISA KEV
Public exploit
Patch
CWE-79
Added to CISA KEV 2026-02-20
Medium · CVSS 6.5
EPSS 6.9% (92th pct)2025-12-18
High vulnerability · 2025-12-18
CVE-2025-68460
Patch
CWE-116
High · CVSS 7.2
EPSS 0.0% (13th pct)2025-12-18
Critical vulnerability · 2025-06-02
CVE-2025-49113
CISA KEV
Public exploit
Patch
CWE-502
Added to CISA KEV 2026-02-20
Critical · CVSS 9.4
EPSS 90.5% (100th pct)2025-06-02
Medium vulnerability · 2025-02-03
CVE-2024-57004
Public exploit
Patch
CWE-80
Medium · CVSS 6.1
EPSS 4.2% (89th pct)2025-02-03
High vulnerability · 2024-08-05
CVE-2024-42010
Patch
CWE-200
High · CVSS 7.5
EPSS 15.1% (95th pct)2024-08-05
Medium vulnerability · 2024-08-05
CVE-2024-42009
CISA KEV
Public exploit
Patch
CWE-79
Added to CISA KEV 2025-06-09
Medium · CVSS 6.4
EPSS 90.5% (100th pct)2024-08-05
Critical vulnerability · 2024-08-05
CVE-2024-42008
Patch
CWE-79
Critical · CVSS 9.3
EPSS 51.0% (98th pct)2024-08-05
Critical vulnerability · 2024-06-07
CVE-2024-37385
Patch
CWE-77
Critical · CVSS 9.8
EPSS 0.8% (75th pct)2024-06-07
Medium vulnerability · 2024-06-07
CVE-2024-37384
Patch
CWE-79
Medium · CVSS 6.1
EPSS 0.5% (67th pct)2024-06-07
Medium vulnerability · 2024-06-07
CVE-2024-37383
CISA KEV
Public exploit
Patch
CWE-79
Added to CISA KEV 2024-10-24
Medium · CVSS 5.3
EPSS 64.5% (98th pct)2024-06-07
Medium vulnerability · 2023-11-05
CVE-2023-47272
Patch
Medium · CVSS 6.1
EPSS 0.5% (66th pct)2023-11-05
Stored XSS vulnerability in Roundcube
CVE-2023-5631
CISA KEV
Public exploit
Patch
CWE-79
Added to CISA KEV 2023-10-26
Medium · CVSS 6.5
EPSS 83.2% (99th pct)2023-10-18
Medium vulnerability · 2023-09-22
CVE-2023-43770
CISA KEV
Public exploit
Patch
CWE-79
Added to CISA KEV 2024-02-12
Medium · CVSS 6.4
EPSS 79.5% (99th pct)2023-09-22
Vulnerability · 2022-01-06
CVE-2021-46144
Patch
Unscored
EPSS 1.1% (78th pct)2022-01-06
Vulnerability · 2021-11-19
CVE-2021-44025
Patch
Unscored
EPSS 0.6% (71th pct)2021-11-19
Critical vulnerability · 2021-11-19
CVE-2021-44026
CISA KEV
Public exploit
Patch
CWE-89
Added to CISA KEV 2023-06-22
Critical · CVSS 9.3
EPSS 72.5% (99th pct)2021-11-19
Vulnerability · 2021-06-24
CVE-2020-18671
Patch
Unscored
EPSS 0.4% (60th pct)2021-06-24
Vulnerability · 2021-06-24
CVE-2020-18670
Unscored
EPSS 0.4% (62th pct)2021-06-24
Vulnerability · 2021-02-09
CVE-2021-26925
Patch
Unscored
EPSS 0.3% (50th pct)2021-02-09
High vulnerability · 2020-12-28
CVE-2020-35730
CISA KEV
Public exploit
Patch
CWE-79
Added to CISA KEV 2023-06-22
High · CVSS 8.6
EPSS 67.4% (99th pct)2020-12-28
Vulnerability · 2020-08-12
CVE-2020-16145
Patch
Unscored
EPSS 0.7% (73th pct)2020-08-12
Vulnerability · 2020-07-06
CVE-2020-15562
Patch
Unscored
EPSS 0.9% (75th pct)2020-07-06
Vulnerability · 2020-06-09
CVE-2020-13964
Patch
Unscored
EPSS 0.9% (76th pct)2020-06-09
High vulnerability · 2020-06-09
CVE-2020-13965
CISA KEV
Public exploit
Patch
CWE-80
Added to CISA KEV 2024-06-26
High · CVSS 8.6
EPSS 71.8% (99th pct)2020-06-09
Vulnerability · 2020-05-04
CVE-2020-12640
Patch
Unscored
EPSS 22.7% (96th pct)2020-05-04
Critical vulnerability · 2020-05-04
CVE-2020-12641
CISA KEV
Public exploit
Patch
CWE-78
Added to CISA KEV 2023-06-22
Critical · CVSS 9.8
EPSS 93.3% (100th pct)2020-05-04
Vulnerability · 2020-05-04
CVE-2020-12625
Patch
Unscored
EPSS 2.3% (85th pct)2020-05-04
Vulnerability · 2020-05-04
CVE-2020-12626
Patch
Unscored
EPSS 1.3% (80th pct)2020-05-04

Showing 30 of 43

roundcube roundcubemail Vulnerabilities

Overview

Severity and exploitation

Affected versions and CVEs

Specific versions

Fixed in

Common weakness types

Disclosure activity by year

Other roundcube products

Frequently asked questions

How many CVEs does roundcube roundcubemail have?

How many roundcube roundcubemail CVEs are in CISA KEV?

Are there public exploits for roundcube roundcubemail vulnerabilities?

Which versions of roundcube roundcubemail are affected?

What are the most common weakness types in roundcube roundcubemail CVEs?

How many critical roundcube roundcubemail vulnerabilities are there?

What is the average severity of roundcube roundcubemail CVEs?

References

Track roundcube roundcubemail vulnerabilities