The Roundcube email server vulnerability (CVE-2023-43770) is actively exploited in cross-site scripting (XSS) attacks, posing a significant risk to both federal agencies and private organizations worldwide.