Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Jul 13, 2023

CVE-2021-44026

High
EPSS 64.0%CISA KEV
Roundcube/Roundcube Webmail

Description

Roundcube Webmail is vulnerable to SQL injection via search or search_params.

EPSS — Exploit Probability

64.0%

Higher than 98.4% of all CVEs

Required Action

https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released; https://nvd.nist.gov/vuln/detail/CVE-2021-44026

Risk Assessment

HIGH
In CISA KEV
High EPSS

Details

Severity
High
EPSS
64.0%
CISA KEV
Yes
Ransomware
Unknown
Articles
0

Timeline

Published

Jun 22, 2023

Added to KEV

Jun 22, 2023

Remediation Due

Jul 13, 2023

Affected Product

Roundcube

Roundcube Webmail

View all Roundcube CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE