Description

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.

Remediation

References

CVE-2026-35538

Related Vulnerabilities

WordPress Plugin CheetahO Image Compression and Optimizer Unspecified Vulnerability (1.4.2.1)

WordPress 4.4.x Possible SQL Injection Vulnerability (4.4 - 4.4.11)

WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Scripting (2.70)

b2evolution Improper Input Validation Vulnerability (CVE-2017-1000423)

WordPress Plugin Social Photo Gallery Remote Code Execution (1.0)

Severity

Low

Classification

CVE-2026-35538 CWE-707 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Tags

Missing Update Known Vulnerabilities