CVE-2026-62641

Summary

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, the TNEF decoder was subject to denial of service via a crafted compressed-RTF size.

Affected Software

VendorProductVersion RangeStatus
RoundcubeWebmail1.6.0 < 1.6.17affected
RoundcubeWebmail1.7.0 < 1.7.2affected

Weaknesses

  • CWE-770: CWE-770 Allocation of Resources Without Limits or Throttling

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References