CVE-2026-25916 | Roundcube Webmail up to 1.5.12/1.6.12 SVG unprotected alternate channel

Inserito da Angelo Barbosa | Feb 9, 2026 | CVE

A vulnerability classified as problematic was found in Roundcube Webmail up to 1.5.12/1.6.12. This vulnerability affects unknown code of the component SVG Handler. Executing a manipulation can lead to unprotected alternate channel.

The identification of this vulnerability is CVE-2026-25916. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is advised.

CVE-2026-25916 | Roundcube Webmail up to 1.5.12/1.6.12 SVG unprotected alternate channel

Post correlati

CVE-2024-32576 | Booking Algorithms BA Book Everything Plugin up to 1.6.8 on WordPress cross site scripting

CVE-2023-52949 | Synology Active Backup for Business Agent prior 2.7.0-3221 Proxy Setting missing authentication (SA_24_11)

CVE-2024-11691 | Mozilla Thunderbird on macOS Apple GPU Driver memory corruption

CVE-2024-45513 | Zimbra Collaboration Suite up to 10.1 Webmail /modern/contacts/print cross site scripting