Red Hat CVE-2026-26079
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
AnalysisAI
Roundcube Webmail versions up to 1.5.13 is affected by inclusion of functionality from untrusted control sphere (CVSS 4.7).
Technical ContextAI
This vulnerability (CWE-829: Inclusion of Functionality from Untrusted Control Sphere) affects Roundcube Webmail. Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
Affected ProductsAI
Product: Roundcube Webmail. Versions: up to 1.5.13.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Vendor StatusVendor
SUSE
Severity: Medium| Product | Status |
|---|---|
| SUSE Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.6 | Fixed |
| openSUSE Leap 16.0 | Fixed |
| SUSE Package Hub 15 SP6 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today