What is the CVSS score of CVE-2026-35542?

CVE-2026-35542 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-35542?

Yes, a patch is available for CVE-2026-35542. Update the affected software to the latest version immediately.

Webmail CVE-2026-35542

EUVD-2026-18587 MEDIUM

Incorrect Resource Transfer Between Spheres (CWE-669)

2026-04-03 mitre

GHSA-5hf6-crg4-fg59

Information Disclosure Webmail

5.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.3 MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

Patch released

Apr 04, 2026 - 08:30 nvd

Patch available

EUVD ID Assigned

Apr 03, 2026 - 04:30 euvd

EUVD-2026-18587

Analysis Generated

Apr 03, 2026 - 04:30 vuln.today

CVE Published

Apr 03, 2026 - 03:54 nvd

MEDIUM 5.3

DescriptionCVE.org

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information disclosure or access-control bypass.

AnalysisAI

Roundcube Webmail before versions 1.5.14 and 1.6.14 allows unauthenticated remote attackers to bypass the remote image blocking security feature through a crafted background attribute in a BODY element of an email message, enabling information disclosure via tracking pixels or other image-based reconnaissance. The vulnerability affects all versions prior to 1.5.14 and 1.6.x versions before 1.6.14, with CVSS 5.3 (medium severity) reflecting the low confidentiality impact but lack of authentication requirements.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	This vulnerability presents moderate real-world risk aligned with its CVSS 5.3 score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An attacker sends a carefully crafted email message to a Roundcube user containing a BODY element with a malicious BACKGROUND attribute pointing to an attacker-controlled image server. When the user opens the email in Roundcube, despite the webmail client's remote image blocking feature being enabled, the BACKGROUND attribute bypass allows the browser to request the image from the attacker's server. …
Remediation	Vendor-released patches are available: upgrade Roundcube Webmail to version 1.5.14 or later for the 1.5.x branch, version 1.6.14 or later for the 1.6.x branch, or 1.7-rc5 or later for the development branch. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-35542 vulnerability details – vuln.today

Back

Webmail CVE-2026-35542

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Vulnerability AssessmentAI

Share

External POC / Exploit Code