Zurück zur CVE-Übersicht
CVE-2026-62642
MEDIUM(4.3)CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Risk Signal Score21/100 — NIEDRIG
- CVSS 4.3 — Mittel
- Weniger als 24 Stunden alt
Beschreibung
In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.
Referenzen
- https://github.com/roundcube/roundcubemail/commit/132ac8dd5a55c8466be12de1daf843...
- https://github.com/roundcube/roundcubemail/commit/877269c79359d959a94f13c9070cab...
- https://github.com/roundcube/roundcubemail/commit/a007321346380136b3de2bd75b486b...
- https://github.com/roundcube/roundcubemail/commit/fb952956c6eaf29e963f1a718d028d...
- https://github.com/roundcube/roundcubemail/releases/tag/1.6.17
- https://github.com/roundcube/roundcubemail/releases/tag/1.7.2
- https://roundcube.net/news/2026/07/05/security-updates-1.6.17-and-1.7.2