SUSE CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

Linux Distros Unpatched Vulnerability : CVE-2026-25916

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when Block remote images is used, does not block SVG feImage. CVE-2026-25916 Note that Nessus relies on t...

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

CVE-2026-25916

CVE-2026-25916 affects Roundcube Webmail: versions prior to 1.5.13 and prior to 1.6.13 fail to block SVG feImage usage when “Block remote images” is enabled, enabling a DOM-based attack via SVG href/feImage that can bypass remote-image blocking. The exploit path described involves SVG handling wh...

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage...

Roundcube Webmail 安全漏洞

Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail prior to 1.5.13, as well as versions 1.6 through 1.6.13, had security vulnerabilities. These...