Description
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data.
Remediation
References
Related Vulnerabilities
Magento Deserialization of Untrusted Data Vulnerability (CVE-2019-8141)
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.11.8)
MySQL CVE-2026-21964 Vulnerability (CVE-2026-21964)
WordPress Plugin Zip Attachments Arbitrary File Download (1.4)
WordPress Plugin Custom CSS Pro Cross-Site Request Forgery (1.0.3)