CRITICALAdvisoryJul 09, 2026
Action required
Immediately patch Roundcube to the latest version. Search logs for exploitation of CVE-2024-42009 and CVE-2025-49113. Hunt for web shells and VShell artifacts in webmail directories. Review user sessions for unauthorized access to physics and engineering department accounts.
Affected products
RoundcubeProofpoint
CVE IDs