Mageia 9 RoundCube Webmail Critical Security Issues CVE-2026-48849
mageia
June 10, 2026
Security update
Summary
Description:
Multiple security vulnerabilities were discovered in RoundCube Webmail,
which could result in cross-site scripting, SQL injection, SSRF bypass,
information disclosure, denial of service or code injection.
References
- https://bugs.mageia.org/show_bug.cgi?id=35599
- https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1
- https://lists.debian.org/debian-security-announce/2026/msg00212.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYFEOBDMYY7JRKWNFYSC7KT2TT2XXNBE/
- https://www.openwall.com/lists/oss-security/2026/06/03/17
- https://www.cve.org/CVERecord?id=CVE-2026-48842
- https://www.cve.org/CVERecord?id=CVE-2026-48843
- https://www.cve.org/CVERecord?id=CVE-2026-48844
- https://www.cve.org/CVERecord?id=CVE-2026-48845
- https://www.cve.org/CVERecord?id=CVE-2026-48846
- https://www.cve.org/CVERecord?id=CVE-2026-48847
- https://www.cve.org/CVERecord?id=CVE-2026-48848
- https://www.cve.org/CVERecord?id=CVE-2026-48849
Resolution
SRPMS
- 9/core/roundcubemail-1.6.16-1.mga9
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Publication date:11 Jun 2026
URL: https://advisories.mageia.org/MGASA-2026-0194.html
Type: security
CVE: CVE-2026-48842,
CVE-2026-48843,
CVE-2026-48844,
CVE-2026-48845,
CVE-2026-48846,
CVE-2026-48847,
CVE-2026-48848,
CVE-2026-48849
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!