PT-2026-43109 · Unknown · Roundcube Webmail
Alecpl
·
Published
2026-05-24
·
Updated
2026-05-27
·
CVE-2026-48846
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Roundcube Webmail versions 1.6.0 through 1.6.15
Roundcube Webmail versions 1.7.0 through 1.7.0
Description
The remote image blocking feature can be bypassed using a crafted CSS
var() value within an e-mail message. This bypass may result in access-control bypass or information disclosure.Recommendations
Update versions 1.6.x to 1.6.16.
Update versions 1.7.x to 1.7.1.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Roundcube Webmail