Skip to main content

Red Hat CVE-2026-26079

MEDIUM
Inclusion of Functionality from Untrusted Control Sphere (CWE-829)
2026-02-11 cve@mitre.org
4.7
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.7 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
SUSE
MEDIUM
qualitative
Red Hat
4.7 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch released
Apr 10, 2026 - 08:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 22:02 vuln.today
CVE Published
Feb 11, 2026 - 05:16 nvd
MEDIUM 4.7

DescriptionCVE.org

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

AnalysisAI

Roundcube Webmail versions up to 1.5.13 is affected by inclusion of functionality from untrusted control sphere (CVSS 4.7).

Technical ContextAI

This vulnerability (CWE-829: Inclusion of Functionality from Untrusted Control Sphere) affects Roundcube Webmail. Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

Affected ProductsAI

Product: Roundcube Webmail. Versions: up to 1.5.13.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Package Hub 15 SP6 Fixed
openSUSE Leap 15.6 Fixed
openSUSE Leap 16.0 Fixed
SUSE Package Hub 15 SP6 Fixed

Share

CVE-2026-26079 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy