Alerts This Week
Warning Icon 1 566
Alerts This Week
Warning Icon 1 566

Fedora 43 Roundcubemail Security Update FEDORA-2026-2decd38070

fedora
Calendar Grey March 28, 2026
Dist Fedora Esm H88
Roundcubemail Fedora 43 update fixes multiple security issues, including arbitrary file writes and injection vulnerabilities.
Version 1.6.14 Fix Postgres connection using IPv6 address (#10104) Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler Security...

Summary

RoundCube Webmail is a browser-based multilingual IMAP client

with an application-like user interface. It provides full

functionality you expect from an e-mail client, including MIME

support, address book, folder manipulation, message searching

and spell checking. RoundCube Webmail is written in PHP and

requires a database: MySQL, PostgreSQL and SQLite are known to

work. The user interface is fully skinnable using XHTML and

CSS 2.

Update Information:

Version 1.6.14 Fix Postgres connection using IPv6 address (#10104) Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler Security: Fix bug where a password could get changed without providing the old password Security: Fix IMAP Injection + CSRF bypass in mail search Security: Fix remote image blocking bypass via various SVG animate attributes Security: Fix remote image blocking bypass via a crafted body background attribute Security: Fix fixed position mitigation bypass via use of !important Security: Fix XSS issue in a HTML attachment preview Security: Fix SSRF + Information Disclosure via stylesheet links to a local network hosts

Topics%20covered

Topics Covered

security advisory security issue fedora information disclosure CSRF roundcubemail

Change Log

* Wed Mar 18 2026 Remi Collet - 1.6.14-1 - update to 1.5.14

References

Fedora Update Notification FEDORA-2026-2decd38070 2026-03-28 00:45:01.878001+00:00 Name : roundcubemail Product : Fedora 43 Version : 1.6.14 Release : 1.fc43 URL : https://roundcube.net/ Summary : Round Cube Webmail is a browser-based multilingual IMAP client Description : RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in PHP and requires a database: MySQL, PostgreSQL and SQLite are known to work. The user interface is fully skinnable using XHTML and CSS 2.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-2decd38070' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: roundcubemail
Product: Fedora 43
Version: 1.6.14
Release: 1.fc43
URL: https://roundcube.net/
Summary: Round Cube Webmail is a browser-based multilingual IMAP client

Topics%20covered

Topics Covered

security advisory security issue fedora information disclosure CSRF roundcubemail

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here