CVE-2026-62642

Summary

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, an infinite loop was discovered in the TNEF decoder, which may lead to denial of service upon opening an email with a TNEF attachment.

Affected Software

VendorProductVersion RangeStatus
RoundcubeWebmail1.6.0 < 1.6.17affected
RoundcubeWebmail1.7.0 < 1.7.2affected

Weaknesses

  • CWE-835: CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References