VU
HIGH
Vulnerabilities
Exploitation of Roundcube Webmail Cross-Site Scripting Vulnerabilities
CISA has added two Roundcube Webmail vulnerabilities to its Known Exploited Vulnerabilities catalog, signaling active exploitation of legacy flaws in webmail infrastructure.
Runtime Rebel Intel
2 min read·Feb 23, 2026
CY
CRITICAL
Cybersecurity
CISA Catalogs Critical Roundcube Deserialization Vulnerability Under Active Exploitation
CISA has added CVE-2025-49113 to the Known Exploited Vulnerabilities catalog, addressing a critical RCE flaw in Roundcube webmail software resulting from untrusted data deserialization.
Runtime Rebel Intel
2 min read·Feb 23, 2026