← volver
CVE-2026-48848

CVE-2026-48848

CVSS 7.2 HIGHEPSS 0.4%CWE-79
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element with the attributeName attribute.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Productos afectados
Roundcube · Webmail

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/roundcube/roundcubemail/commit/58e5263f341e6a418774fb6d2643669a3c4d8a27https://github.com/roundcube/roundcubemail/commit/c960d102472dc579e15907d5bcdc3103a090ccf9https://github.com/roundcube/roundcubemail/releases/tag/1.6.16https://github.com/roundcube/roundcubemail/releases/tag/1.7.1https://roundcube.net/news/2026/05/24/security-updates-1.6.16-and-1.7.1