Webmail — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in Webmail, with AI-generated Chinese analysis, references, and POCs.

Vendor: Roundcube

CVE ID	Title	CVSS	Severity	Published
CVE-2026-35391	Bulwark Webmail getClientIP() trusted client-controlled X-Forwarded-For value, enabling rate limit bypass and audit log forgery CWE-348	9.1^AI	Critical^AI	2026-04-06
CVE-2026-35390	Content-Security-Policy was set to Report-Only mode, failing to block XSS attacks CWE-79	5.4^AI	Medium^AI	2026-04-06
CVE-2026-35389	Bulwark Webmail S/MIME signature verification accepted self-signed certificates CWE-295	5.3^AI	Medium^AI	2026-04-06
CVE-2026-35545	Roundcube Webmail 安全漏洞 CWE-669	5.3	Medium	2026-04-03
CVE-2026-35544	Roundcube Webmail 安全漏洞 CWE-669	5.3	Medium	2026-04-03
CVE-2026-35543	Roundcube Webmail 安全漏洞 CWE-669	5.3	Medium	2026-04-03
CVE-2026-35542	Roundcube Webmail 安全漏洞 CWE-669	5.3	Medium	2026-04-03
CVE-2026-35541	Roundcube Webmail 安全漏洞 CWE-843	4.2	Medium	2026-04-03
CVE-2026-35540	Roundcube Webmail 安全漏洞 CWE-669	5.4	Medium	2026-04-03
CVE-2026-35539	Roundcube Webmail 跨站脚本漏洞 CWE-79	6.1	Medium	2026-04-03
CVE-2026-35538	Roundcube Webmail 参数注入漏洞 CWE-88	3.1	Low	2026-04-03
CVE-2026-35537	Roundcube Webmail 代码问题漏洞 CWE-502	3.7	Low	2026-04-03
CVE-2026-34834	Bulwark Webmail: Authentication Bypass in verifyIdentity() due to missing cookie validation CWE-287	8.2^AI	High^AI	2026-04-02
CVE-2026-34833	Bulwark Webmail: Information Exposure: password returned in /api/auth/session CWE-312	7.5^AI	High^AI	2026-04-02
CVE-2026-26079	Roundcube Webmail 安全漏洞 CWE-829	4.7	Medium	2026-02-11
CVE-2026-25916	Roundcube Webmail 安全漏洞 CWE-420	4.3	Medium	2026-02-09
CVE-2025-68461	Roundcube Webmail 跨站脚本漏洞 CWE-79	7.2	High	2025-12-18
CVE-2025-68460	Roundcube Webmail 安全漏洞 CWE-116	7.2	High	2025-12-18
CVE-2025-49113	Roundcube Webmail 安全漏洞 CWE-502	9.9	Critical	2025-06-02

All 19 known CVE vulnerabilities affecting Webmail with full Chinese analysis, references, and POCs where available.