# CVE-2026-48844

> Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)

- **CVSS:** 7.5 (HIGH)
- **EPSS:** 0.0%
- **CWE:** CWE-670

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-48844
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp