CNNVD-202602-2040 Information
CNNVD ID
CNNVD-202602-2040
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
Roundcube Webmail是Roundcube开源的一款基于浏览器的开源IMAP客户端,它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.5.13之前版本和1.6.13之前版本存在安全漏洞,该漏洞源于对注释处理不当,可能导致CSS注入攻击。
Description (English)
Rundcube Webmail is an open-source IMAP client based on a browser that supports address book management, information search, spell checking, etc. There is a security loophole in the previous version of Rundcube Webmail 1.5.13 and the previous version of 1.6.13, which stems from the mishandling of the notes, which could lead to an attack by CSS.
Vulnerability Type
其他
Affected Vendor
Roundcube
Published
2026-02-11
Last Modified
2026-02-24
References
https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816 https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447 https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01 https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5 https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954 https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde https://github.com/roundcube/roundcubemail/releases/tag/1.5.13 https://github.com/roundcube/roundcubemail/releases/tag/1.6.13 https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
Patch
https://github.com/roundcube/roundcubemail/releases
Share on: