Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-26079

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-11 Feb, 2026 | 04:27
Updated At-11 Feb, 2026 | 16:06
Rejected At-
Credits

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:11 Feb, 2026 | 04:27
Updated At:11 Feb, 2026 | 16:06
Rejected At:
▼CVE Numbering Authority (CNA)

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

Affected Products
Vendor
Roundcube Webmail ProjectRoundcube
Product
Webmail
Default Status
unaffected
Versions
Affected
  • From 0 before 1.5.13 (semver)
  • From 1.6.0 before 1.6.13 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-829CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Type: CWE
CWE ID: CWE-829
Description: CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
N/A
https://github.com/roundcube/roundcubemail/releases/tag/1.6.13
N/A
https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816
N/A
https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447
N/A
https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01
N/A
https://github.com/roundcube/roundcubemail/releases/tag/1.5.13
N/A
https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954
N/A
https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5
N/A
https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde
N/A
Hyperlink: https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.6.13
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.5.13
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:11 Feb, 2026 | 05:16
Updated At:11 Feb, 2026 | 15:27

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-829Primarycve@mitre.org
CWE ID: CWE-829
Type: Primary
Source: cve@mitre.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816cve@mitre.org
N/A
https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447cve@mitre.org
N/A
https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01cve@mitre.org
N/A
https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5cve@mitre.org
N/A
https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954cve@mitre.org
N/A
https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cdecve@mitre.org
N/A
https://github.com/roundcube/roundcubemail/releases/tag/1.5.13cve@mitre.org
N/A
https://github.com/roundcube/roundcubemail/releases/tag/1.6.13cve@mitre.org
N/A
https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13cve@mitre.org
N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.5.13
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.6.13
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

0Records found
Details not found