PT-2026-43108 · Unknown · Roundcube Webmail

Zazy

·

Published

2026-05-24

·

Updated

2026-05-27

·

CVE-2026-48845

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.14 through 1.6.16 Roundcube Webmail versions prior to 1.7.1
Description Remote image blocking is not honored for URLs pointing to local or private destinations. This issue can be triggered via a text/html email message, potentially leading to information disclosure or privilege escalation.
Recommendations Update versions 1.6.14 through 1.6.16 to a patched release. Update versions prior to 1.7.1 to version 1.7.1.

Exploit

Fix

LPE

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07445
CVE-2026-48845
OPENSUSE-SU-2026:10869-1
OPENSUSE-SU-2026:20852-1

Affected Products

Roundcube Webmail