CVE-2026-35543

| EUVD-2026-18589 MEDIUM
2026-04-03 mitre GHSA-j2g6-8rvg-7mf6
5.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

4
Patch Released
Apr 04, 2026 - 08:30 nvd
Patch available
EUVD ID Assigned
Apr 03, 2026 - 04:30 euvd
EUVD-2026-18589
Analysis Generated
Apr 03, 2026 - 04:30 vuln.today
CVE Published
Apr 03, 2026 - 03:57 nvd
MEDIUM 5.3

Tags

Information Disclosure

Description

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or access-control bypass.

Analysis

Roundcube Webmail before versions 1.5.14 and 1.6.14 allows unauthenticated remote attackers to bypass the remote image blocking feature via SVG content containing animate attributes in email messages, leading to information disclosure or access control bypass. The vulnerability has a CVSS score of 5.3 (moderate severity) with low attack complexity and no authentication required, though the confidentiality impact is limited.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

27
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +26
POC: 0

Share

CVE-2026-35543 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy