Upstream information

CVE-2026-62644 at MITRE

Description

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the password plugin of the Roundcube Webmail was subject to username spoofing via session data, which could lead to account takeover.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v3 Scores
CVSS detail CNA (MITRE)
Base Score 6.4
Vector CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality Impact High
Integrity Impact High
Availability Impact None
CVSSv3 Version 3.1
SUSE Bugzilla entry: 1271474 [NEW]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Wed Jul 15 17:32:48 2026
CVE page last modified: Wed Jul 15 17:32:48 2026