KEV Entry

CVE-2024-42009

Known Exploited Vulnerability Entry External Catalog

Back to Catalog View Vulnerability
Entry Details
Confirmed Exploited

CVE-2024-42009

2026-04-27 00:00 UTC

Timestamps

2026-04-27

2026-04-27

Scope

Affected: RoundCube / Webmail | Description: A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. | Exploitation type: APT | Threat actors: UNC1151 | CWEs: CWE-79 | Origin source: CERT-PL | Notes: https://cert.pl/en/posts/2025/06/unc1151-campaign-roundcube/

References
  • {'id': 'CVE-2024-42009', 'url': 'https://www.cve.org/CVERecord?id=CVE-2024-42009'}
  • {'id': 'EUVD-2024-39391', 'url': 'https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-39391'}
  • {'id': 'source', 'url': 'https://cert.pl/en/posts/2025/06/unc1151-campaign-roundcube/'}

e84af7cd-02da-4301-b8a0-57972586d980

cce329bf-df49-4c6e-a027-80be2e6483bd

2026-05-21 09:12 UTC

2026-05-21 09:12 UTC

Evidence
1
Type Source Signal Confidence Details GCVE Metadata
csirt_report enisa-cnw-kev successful_exploitation 0.75
View details 
{
  "catalog": "ENISA / EU CSIRTs Network (CNW) KEV JSON",
  "cwes": "CWE-79",
  "dateReported": "2026/04/27",
  "euvd": "EUVD-2024-39391",
  "exploitationType": "APT",
  "notes": "https://cert.pl/en/posts/2025/06/unc1151-campaign-roundcube/",
  "originSource": "CERT-PL",
  "product": "Webmail",
  "threatActorsExploiting": "UNC1151",
  "vendorProject": "RoundCube",
  "vulnerabilityName": ""
}
 -
Export Options
JSON Object JSON API View Full Catalog