EUVD-2026-18585
GHSA-46pv-mj2g-93gh
4.2
CVSS 3.1
Share
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None
Lifecycle Timeline
4
Patch Released
Apr 04, 2026 - 08:30 nvd
Patch available
EUVD ID Assigned
Apr 03, 2026 - 04:30 euvd
EUVD-2026-18585
Analysis Generated
Apr 03, 2026 - 04:30 vuln.today
CVE Published
Apr 03, 2026 - 03:50 nvd
MEDIUM 4.2
Description
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password.
Analysis
Type confusion in Roundcube Webmail's password plugin allows authenticated users to change passwords without knowing the old password, affecting versions before 1.5.14 and 1.6.14. The vulnerability stems from incorrect password comparison logic that enables privilege escalation within an authenticated session. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
21
Low
Medium
High
Critical
KEV: 0
EPSS: +0.0
CVSS: +21
POC: 0
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).