CVE-2026-35544

EUVD-2026-18591 MEDIUM

2026-04-03 mitre

GHSA-xpqh-grpw-4xmg

5.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Lifecycle Timeline

Patch Released

Apr 04, 2026 - 08:30 nvd

Patch available

EUVD ID Assigned

Apr 03, 2026 - 04:30 euvd

EUVD-2026-18591

Analysis Generated

Apr 03, 2026 - 04:30 vuln.today

CVE Published

Apr 03, 2026 - 03:59 nvd

MEDIUM 5.3

Description

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important.

Analysis

Roundcube Webmail before versions 1.5.14 and 1.6.14 allows unauthenticated remote attackers to bypass CSS-based security mitigations in HTML email rendering by injecting !important declarations, enabling potential integrity attacks such as phishing or UI redressing. The vulnerability stems from insufficient CSS sanitization when processing HTML email messages, with no authentication required and minimal attack complexity.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +26

POC: 0

CVE-2026-35544 vulnerability details – vuln.today

Back

CVE-2026-35544

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-35544

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code