CVE-2026-26079

Publication date

2026-02-11 04:27:24

Family

mitre

State

PUBLISHED

Description

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.