CVE-2021-44026

critical-risk
Published 2021-11-19

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.

Do I need to act?

!
64.0% chance of exploitation in next 30 days
EPSS score — higher than 36% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (6)

Affected Vendors

Debian Fedoraproject Roundcube

References (15)

Mailing List https://bugs.debian.org/1000156
Patch https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d490...
Patch https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7...
Mailing List https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://www.debian.org/security/2021/dsa-5013
Mailing List https://bugs.debian.org/1000156
Patch https://github.com/roundcube/roundcubemail/commit/c8947ecb762d9e89c2091bda28d490...
Patch https://github.com/roundcube/roundcubemail/commit/ee809bde2dcaa04857a919397808a7...
Mailing List https://lists.debian.org/debian-lts-announce/2021/12/msg00004.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Mailing List https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...
Third Party Advisory https://www.debian.org/security/2021/dsa-5013
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...
71
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 26/34 · High
Exposure 13/34 · Low