Description

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or access-control bypass.

INFO

Published Date :

2026-04-03T03:57:06.528Z

Last Modified :

2026-04-03T03:57:06.528Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2026-35543 vulnerability.

Vendors Products
Roundcube
  • Webmail
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-35543.

URL Resource
https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c cve-icon cve-icon
https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3 cve-icon cve-icon
https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd cve-icon cve-icon
https://github.com/roundcube/roundcubemail/releases/tag/1.5.14 cve-icon cve-icon
https://github.com/roundcube/roundcubemail/releases/tag/1.6.14 cve-icon cve-icon
https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5 cve-icon cve-icon
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact