roundcube
Security Risk Profile
41
/100
mediumSecurity Risk Score
Comprehensive risk assessment based on 119 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from December 20, 2005 to present
119
Total CVEs
31
Critical+High
14
Exploited
13
Unpatched
Threat Assessment
Avg CVSS
6.4
Base severity
Avg EPSS
82%
Exploit probability
Unpatched
13
Critical/High
Risk Level
41/100
medium
⚠️ 14 Active Exploits⚡ 4 Zero-Days🆕 8Fresh (<7d)📈 9 in Last 30 Days
Severity Distribution
Critical
8High
23Medium
55Low
7Exploit Likelihood
>50% chance
220-50%
05-20%
0<5%
0Age Distribution
Common Weaknesses (CWE)
1
XSS
44
2
CSRF
7
3
Infoleak
6
4
Path Traversal
4
5
Input Validation
4
Most Affected Products
1. Roundcube Webmail606
2. Roundcube Roundcube Webmail33
3. Debian Debian Linux33
4. Roundcube Roundcube29
5. debian/roundcube27
Recent Vulnerabilities
See more →CVE-2026-48849
CVSS 4.4medium
5/25/2026🔧 No Patch
CVE-2026-48848
CVSS 7.2high
5/25/2026🔧 No Patch
CVE-2026-48847
CVSS 3.7low
5/25/2026🔧 No Patch
CVE-2026-48846
CVSS 6.5medium
5/25/2026🔧 No Patch
CVE-2026-48845
CVSS 6.5medium
5/25/2026🔧 No Patch
CVE-2026-48844
CVSS 7.5high
5/25/2026🔧 No Patch
CVE-2026-48843
CVSS 7.2high
5/25/2026🔧 No Patch
CVE-2026-48842
CVSS 8.1high
5/25/2026🔧 No Patch
EOL-roundcube-1.7
unknown
5/10/2026
https://seclists.org/oss-sec/2026/q2/101
unknown
CVE-2026-35537+moRoundcube arbitrary write + ID/XSS/etc. prior to 1.6.14
4/11/2026🔧 No Patch
Monitor roundcube in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.