{"id":"CVE-2016-9920","details":"steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before 1.2.3, when no SMTP server is configured and the sendmail program is enabled, does not properly restrict the use of custom envelope-from addresses on the sendmail command line, which allows remote authenticated users to execute arbitrary code via a modified HTTP request that sends a crafted e-mail message.","modified":"2026-04-11T19:41:38.499486Z","published":"2016-12-08T18:59:00.200Z","related":["MGASA-2016-0430"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/94858"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/12/08/10"},{"type":"ADVISORY","url":"https://roundcube.net/news/2016/11/28/updates-1.2.3-and-1.1.7-released"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201612-44"},{"type":"EVIDENCE","url":"https://blog.ripstech.com/2016/roundcube-command-execution-via-email/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/roundcube/roundcubemail","events":[{"introduced":"0"},{"last_affected":"802d11915393a0811c90d9a791c2cf62528a8075"},{"last_affected":"1d7be448f309d33c6ad4252c0abf581402891f22"},{"last_affected":"12813e9d430c057659a07c37b5680b6fd78efc12"},{"last_affected":"444fdb6161bdb0c5e90d41e30803f10e8dd5f9e8"}],"database_specific":{"cpe":["cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*","cpe:2.3:a:roundcube:webmail:1.2.0:*:*:*:*:*:*:*","cpe:2.3:a:roundcube:webmail:1.2.1:*:*:*:*:*:*:*","cpe:2.3:a:roundcube:webmail:1.2.2:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0"},{"last_affected":"1.1.6"},{"last_affected":"1.2.0"},{"last_affected":"1.2.1"},{"last_affected":"1.2.2"}],"source":"CPE_FIELD"}}],"versions":["1.1-beta","1.1-rc","1.1.0","1.1.1","1.1.2","1.1.3","1.1.4","1.1.5","1.1.6","1.2-beta","1.2-rc","1.2.0","1.2.1","1.2.2","v0.1-beta2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-9920.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}