Roundcube Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2026-35541)
Description
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password.