
Roundcube Webmail 1.7.2 Fixes Zero-Click XSS, SSRF Bypass, and DoS Flaws
Roundcube has released version 1.7.2, a security-focused update addressing six vulnerabilities, including two CVE-tracked flaws that could allow attackers to execute stored cross-site scripting (XSS) without any user interaction. Maintainer alecpl pushed the release five days ago, urging all production deployments to update immediately after backing up data. The most severe issue, tracked as CVE-2026-54433, […]
The post Roundcube Webmail 1.7.2 Fixes Zero-Click XSS, SSRF Bypass, and DoS Flaws appeared first on Cyber Security News.