CVE-2026-25916 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.
Medium CVSS: 4.3

CVE-2026-25916

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.
Vendor
-
Product
-
CWE
CWE-420
Yayın Tarihi
2026-02-09 09:16:34
Güncelleme
2026-02-09 16:08:35
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-420 MEDIUM 2026

Referanslar

https://github.com/roundcube/roundcubemail/commit/26d7677 https://news.ycombinator.com/item?id=46937012 https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/