The U.S. Cybersecurity and Infrastructure Security Agency, CISA, has added two flaws in the widely used email client Roundcube Webmail to its catalog of known actively exploited vulnerabilities. This is not a case of theoretical risk or academic curiosity — both issues have already been observed in real-world attacks. A Near-Perfect Score for Attackers The first vulnerability, tracked as CVE-2025-49113, carries a CVSS score ...
Modified: 02/26/2026