CISA adds two Roundcube flaws to KEV catalog
Public Sector Action
Summary
Hide ▲
Show ▼
CISA added two Roundcube webmail flaws to the KEV catalog after citing active exploitation, increasing urgency for federal remediation. CVE-2025-49113 is a CVSS 9.9 deserialization flaw that can enable remote code execution, and CVE-2025-68461 is a CVSS 7.2 XSS flaw. FCEB agencies must remediate identified vulnerabilities by March 13, 2026.
Related Happenings
IceCube, SNOWLIGHT, and VShell Roundcube post-exploitation chain
Malware Activity
H score36
First: 07.07.2026 12:10
Last: 07.07.2026 12:10
Sources 1
About this happening:
**IceCube** is a **Roundcube** post-exploitation activity targeting **U.S. and Canadian universities** and related research organizations, with observed use since **May** against...
IceCube, SNOWLIGHT, and VShell Roundcube post-exploitation chain
Malware ActivityAbout this happening: **IceCube** is a **Roundcube** post-exploitation activity targeting **U.S. and Canadian universities** and related research organizations, with observed use since **May** against...
CISA KEV remediation order for CVE-2026-48907
Public Sector Action
H score89
First: 17.06.2026 08:50
Last: 17.06.2026 08:50
Sources 1
About this happening:
CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV remediation order for CVE-2026-48907
Public Sector ActionAbout this happening: CISA added **CVE-2026-48907** to the **KEV catalog** and ordered **FCEB agencies** to apply fixes by **June 19, 2026**, forcing federal remediation of an **actively exploited** Jo...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector Action
H score36
First: 16.06.2026 13:47
Last: 16.06.2026 13:47
Sources 1
About this happening:
**CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA KEV order for FCEB agencies on LiteSpeed cPanel flaw
Public Sector ActionAbout this happening: **CISA** added the **LiteSpeed cPanel user-end plugin** flaw to **KEV** and ordered **Federal Civilian Executive Branch agencies** to secure systems within **three days** under **...
CISA BOD 26-04 remediation requirements
Advisory/Mitigation
H score31
First: 11.06.2026 15:46
Last: 11.06.2026 15:46
Sources 1
About this happening:
CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA BOD 26-04 remediation requirements
Advisory/MitigationAbout this happening: CISA’s **Binding Operational Directive 26-04** forces **FCEB agencies** to speed up remediation of high-risk vulnerabilities, with some deadlines as short as **3 days** and new **...
CISA KEV order for FCEB remediation of CVE-2026-50751
Public Sector Action
H score43
First: 09.06.2026 11:18
Last: 09.06.2026 11:18
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch** agencies to secure **CVE-2026-50751**, forcing a rapid federal response to a flaw that can let attackers bypass authenticati...
CISA KEV order for FCEB remediation of CVE-2026-50751
Public Sector ActionAbout this happening: **CISA** ordered **Federal Civilian Executive Branch** agencies to secure **CVE-2026-50751**, forcing a rapid federal response to a flaw that can let attackers bypass authenticati...
Timeline
-
21.02.2026 09:21 1 articles · 4mo ago
Roundcube CVE-2025-49113 exploit is offered for sale
Exploitation ObservedAn exploit for Roundcube CVE-2025-49113 was made available for sale, and FearsOff said attackers had already diffed and weaponized the flaw within 48 hours of public disclosure. The vulnerability allows authenticated users to trigger remote code execution through the unvalidated `_from` parameter in `program/actions/settings/upload.php`.
Show sources
- CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog — thehackernews.com — 21.02.2026 09:21
-
21.02.2026 09:21 3 articles · 4mo ago
CISA adds Roundcube flaws to the KEV catalog
Legal Policy Action UpdateCISA added CVE-2025-49113 and CVE-2025-68461 to the Known Exploited Vulnerabilities (KEV) catalog after citing active exploitation of Roundcube webmail software, and Federal Civilian Executive Branch (FCEB) agencies were directed to remediate the identified vulnerabilities by March 13, 2026. CVE-2025-49113 carries a CVSS score of 9.9, and CVE-2025-68461 carries a CVSS score of 7.2.
Show sources
- CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog — thehackernews.com — 21.02.2026 09:21
- CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog — thehackernews.com — 21.02.2026 09:21
- CISA: Recently patched RoundCube flaws now exploited in attacks — www.bleepingcomputer.com — 23.02.2026 13:44