Roundcube Webmail users are urged to patch their systems after the disclosure of multiple high-severity vulnerabilities, including a critical pre-authentication SQL injection flaw that allows attackers to execute malicious database queries without any login credentials. The vulnerabilities were addressed in security updates 1.6.16 and 1.7.1, released on May 24, 2026, covering both the long-term support and current stable […]
The post Critical Roundcube Flaw Allows Attackers to Inject SQL Queries appeared first on Cyber Security News.