[MEDIUM] Roundcube Webmail: Incorrect password comparison in the password plugin

PKSA-5v34-b81b-ng2h CVE-2026-35541 GHSA-46pv-mj2g-93gh

Affected package: roundcube/roundcubemail

Affected version: >=1.7-beta,<1.7-rc5

Reported by:
GitHub