
Roundcube Webmail Security Alert

Disclosure of Roundcube Webmail Security Vulnerability:

The security of Roundcube Webmail is compromised: hackers are actively exploiting Cross-Site Scripting (XSS) vulnerabilities (CVE-2020-35730, CVE-2020-12641, and CVE-2021-44026). They are specifically leveraging the stored XSS vulnerability (CVE-2023-5631) to gain unauthorized access to email user accounts, in an ongoing operation to pilfer email users' contacts and email body content.

Security Patch Release:

In response to the identified vulnerabilities, the Roundcube Development Team released a security patch on 16-10-2023. Mail server administrators are strongly urged to update promptly to the latest Roundcube security patch, version 1.6.4, to mitigate the risks associated with the disclosed vulnerabilities.

Myanmar Computer Emergency Response Team