[Pkg-roundcube-maintainers] Bug#1127447: roundcube: CSS injection vulnerability and remote image blocking bypass
Salvatore Bonaccorso
carnil at debian.org
Wed Feb 11 08:21:05 GMT 2026
Hi Guilhem,
On Sun, Feb 08, 2026 at 11:41:28PM +0100, Guilhem Moulin wrote:
> * CSS injection vulnerability reported by CERT Polska.
> https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816
> https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447 (regression)
> https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01 (regression)
This one got now as well a CVE, CVE-2026-26079.
Regards,
Salvatore
More information about the Pkg-roundcube-maintainers
mailing list