⚠ Actively exploited
Added to CISA KEV on 2023-06-22. Federal agencies required to patch by 2023-07-13. Required action: Apply updates per vendor instructions..

CVE-2021-44026SQL Injection in Webmail

CWE-89SQL Injection16 documents11 sources
Severity
9.8CRITICALNVD
OSV6.1
EPSS
64.0%
top 1.56%
CISA KEV
KEV
Added 2023-06-22
Due 2023-07-13
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Roundcube WebmailDebian LinuxFedoraproject Fedora
Timeline
PublishedNov 19
KEV addedJun 22
KEV dueJul 13
Latest updateJun 17
CISA Required Action: Apply updates per vendor instructions.

Description

Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDroundcube/webmail1.4.01.4.12+1

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 33, 34

Patches

Patch: bugs.debian.orgPatch: github.comPatch: github.com

🔴Vulnerability Details

5
OSV
roundcube vulnerabilities2022-08-08
GHSA
GHSA-5fmq-jmc8-85rw: Roundcube before 12022-05-24
CVEList
CVE-2021-44026: Roundcube before 12021-11-19
OSV
CVE-2021-44026: Roundcube before 12021-11-19
VulnCheck
Roundcube Webmail SQL Injection Vulnerability2021

📋Vendor Advisories

3
CISA
Roundcube Webmail SQL Injection Vulnerability2023-06-22
Ubuntu
Roundcube Webmail vulnerabilities2022-08-08
Debian
CVE-2021-44026: roundcube - Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL inje...2021

🕵️Threat Intelligence

7
Bleepingcomputer
Hacker steals 1 million Cock.li user records in webmail data breach2025-06-17
Bleepingcomputer
Russian hackers breach orgs to track aid routes to Ukraine2025-05-21
Securelist
Advanced threat predictions for 20242023-11-14
Securelist
Kaspersky Security Bulletin: APT predictions 20242023-11-14
Bleepingcomputer
France says Russian state hackers breached numerous critical networks2023-10-26
CVE-2021-44026 — SQL Injection in Roundcube Webmail | cvebase