exploitDog

CVE-2026-25916

Опубликовано: 09 фев. 2026

Источник: debian

Описание

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
roundcube	fixed	1.6.13+dfsg-1		package

Примечания

Fixed by: https://github.com/roundcube/roundcubemail/commit/036e851b683333205813f70acda2dc047b4891c8 (1.6.13)
https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/

Связанные уязвимости

CVE-2026-25916

CVSS3: 4.3

ubuntu

около 2 месяцев назад

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.

CVE-2026-25916

CVSS3: 4.3

nvd

около 2 месяцев назад

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.

GHSA-q3rv-p5xv-cfpq

CVSS3: 4.3

github

около 2 месяцев назад

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.

openSUSE-SU-2026:20323-1

suse-cvrf

27 дней назад

Security update for roundcubemail