CVE-2026-35538

Publication date

2026-04-03 03:35:36

Family

mitre

State

PUBLISHED

Description

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.