CVE-2026-48843 | Roundcube Webmail up to 1.6.15/1.7.0 Mail Message server-side request forgery (EUVD-2026-31718)
A vulnerability classified as critical was found in Roundcube Webmail up to 1.6.15/1.7.0. This affects an unknown part of the component Mail Message Handler. Executing a manipulation can lead to server-side request forgery.
The identification of this vulnerability is CVE-2026-48843. The attack may be launched remotely. There is no exploit available.
Upgrading the affected component is advised.