PT-2026-43111 · Unknown · Roundcube Webmail

Wooseokdotkim

·

Published

2026-05-24

·

Updated

2026-05-27

·

CVE-2026-48848

CVSS v3.1

7.2

High

VectorAV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.x through 1.6.15 Roundcube Webmail versions 1.7.x prior to 1.7
Description Insufficient HTML sanitization allows for Cascading Style Sheets (CSS) injection. This occurs when an SVG document contains an animate element utilizing the attributeName attribute.
Recommendations Update versions 1.6.x to 1.6.16. Update versions 1.7.x to 1.7.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07448
CVE-2026-48848
OPENSUSE-SU-2026:10869-1
OPENSUSE-SU-2026:20852-1

Affected Products

Roundcube Webmail