ClickCease Roundcube Webmail Vulnerability Under Exploitation, Patch Now

Content Table

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Roundcube Webmail Vulnerability Under Exploitation, Patch Now

Rohan Timalsina

February 26, 2024 - TuxCare expert team

Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Roundcube webmail vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2023-43770, this issue is a persistent cross-site scripting (XSS) issue that allows attackers to obtain sensitive information through specially crafted links in plain text messages. The affected Roundcube versions include 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3.


What is XSS Vulnerability


Cross-Site Scripting (XSS) is a security flaw commonly found in web applications. It occurs when a web application allows users to input data that is then included in the output web page without proper validation or escaping. Attackers exploit this vulnerability by injecting malicious code into websites, typically in the form of HTML or JavaScript. When other users visit the affected page, these scripts execute in their browsers, potentially allowing the attacker to steal sensitive information, manipulate page content, or perform other malicious actions.

A patch for the Roundcube webmail vulnerability was issued in the Roundcube version 1.6.3 on 15 September 2023. To mitigate this vulnerability, it is essential to upgrade the existing Roundcube installations to the newer version. At the time of writing, the latest version of Roundcube is 1.6.6, which is also not affected by CVE-2023-43770.


CISA Urges to Patch Roundcube Webmail Vulnerability


Roundcube Webmail, a popular web-based IMAP email client, facilitates email access across multiple devices via the Internet Message Access Protocol (IMAP). With over 132,000 Roundcube servers worldwide, primarily concentrated in the US and China, the impact of this vulnerability is widespread.

Although the specifics of the exploitation remain unknown, it’s worth noting that threat actors, particularly those associated with Russia, such as APT28 and Winter Vivern, have a history of weaponizing vulnerabilities in web-based email clients.

Given the severity of this exploit and the potential for widespread ramifications, prompt action is paramount. FCEB agencies must prioritize remediation efforts by updating to Roundcube version 1.6.3 or newer before March 4, 2024. Additionally, all Roundcube Webmail users are strongly advised to update their installations immediately to mitigate the risk posed by this vulnerability.


The sources for this article include a story from BleepingComputer.

Roundcube Webmail Vulnerability Under Exploitation, Patch Now
Article Name
Roundcube Webmail Vulnerability Under Exploitation, Patch Now
Stay secure from Roundcube webmail vulnerability, a medium-severity XSS flaw (CVE-2023-43770), which is now exploited in attacks.
Publisher Name
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Become a TuxCare Guest Writer

Get started




Linux & Open Source

Subscribe to
our newsletter