NextGuard
UNKNOWNCVE-2026-35537

Roundcube Webmail: Unsafe deserialization in the redis/memcache session handler

Platform

php

Component

roundcube/roundcubemail

Fixed in

1.7-rc5

View on NVD

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data.

How to fix

Actualice Roundcube Webmail a la versión 1.5.14 o 1.6.14, o superior. Esto corrige la vulnerabilidad de deserialización insegura en el manejador de sesiones redis/memcache, evitando la posible escritura arbitraria de archivos por atacantes no autenticados.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2026-35537 — Vulnerability Details | NextGuard | NextGuard