A vulnerability categorized as problematic has been discovered in Roundcube up to 1.6.16/1.7.1. This affects an unknown function of the component Email Message Handler. Such manipulation leads to cross site scripting.

This vulnerability is documented as CVE-2026-54433. The attack can be executed remotely. There is not any exploit available.