CVE-2026-26079

Опубликовано: 11 фев. 2026

Источник: debian

EPSS Низкий

Описание

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

Пакет	Статус	Версия исправления	Релиз	Тип
roundcube	fixed	1.6.13+dfsg-1		package

Fixed by: https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816 (1.6.13)
Regression fix: https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447 (1.6.13)
Regression fix: https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01 (1.6.13)
https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13

EPSS

Процентиль: 25%

0.00089

Низкий

CVE-2026-26079

CVSS3: 4.7

ubuntu

около 2 месяцев назад

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

CVE-2026-26079

CVSS3: 4.7

redhat

около 2 месяцев назад

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

CVE-2026-26079

CVSS3: 4.7

nvd

около 2 месяцев назад

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

GHSA-pw24-qgf8-7qm8

CVSS3: 4.7

github

около 2 месяцев назад

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

openSUSE-SU-2026:20323-1

suse-cvrf

23 дня назад

Security update for roundcubemail

EPSS

Процентиль: 25%

0.00089

Низкий