← ExploitWatch
HomeExploited Vulnerabilities

CVE-2017-16651 — Actively Exploited: Roundcube Webmail (Roundcube)

Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.

CVE IDCVE-2017-16651
VendorRoundcube
ProductRoundcube Webmail
Vulnerability nameRoundcube Webmail File Disclosure Vulnerability
Date added2021-11-03
Remediation due2022-05-03
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionRoundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →