CNNVD-202602-1255 Information
CNNVD ID
CNNVD-202602-1255
Related CVE
- CNNVD Published: 2026-02-09
Description (Chinese)
Roundcube Webmail是Roundcube开源的一款基于浏览器的开源IMAP客户端,它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.5.13之前版本和1.6版本至1.6.13之前版本存在安全漏洞,该漏洞源于使用阻止远程图像功能时未阻止SVG feImage。
Description (English)
Rundcube Webmail is an open-source IMAP client based on a browser that supports address book management, information search, spell checking, etc. There is a security loophole in previous editions of Rundcube Webmail 1.5.13 and 1.6 to 1.6.13, which stems from the fact that SVG feImage was not stopped when it was used to block remote image functions.
Vulnerability Type
其他
Affected Vendor
Roundcube
Published
2026-02-09
Last Modified
2026-02-24
References
https://news.ycombinator.com/item?id=46937012 https://github.com/roundcube/roundcubemail/commit/26d7677 https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/ https://access.redhat.com/security/cve/cve-2026-25916 https://cxsecurity.com/issue/WLB-2026020016
Patch
https://roundcube.net/download/
Share on: