Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-26079
PUBLISHED
More InfoOfficial Page
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At-11 Feb, 2026 | 04:27
Updated At-11 Feb, 2026 | 16:06
Rejected At-
▼CVE Numbering Authority (CNA)

Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.

Affected Products
Vendor
Roundcube Webmail ProjectRoundcube
Product
Webmail
Default Status
unaffected
Versions
Affected
  • From 0 before 1.5.13 (semver)
  • From 1.6.0 before 1.6.13 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-829CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Type: CWE
CWE ID: CWE-829
Description: CWE-829 Inclusion of Functionality from Untrusted Control Sphere
Metrics
VersionBase scoreBase severityVector
3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
N/A
https://github.com/roundcube/roundcubemail/releases/tag/1.6.13
N/A
https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816
N/A
https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447
N/A
https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01
N/A
https://github.com/roundcube/roundcubemail/releases/tag/1.5.13
N/A
https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954
N/A
https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5
N/A
https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde
N/A
Hyperlink: https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.6.13
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.5.13
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/bf89cbaa5897d8ad62e8057d9a3f6babb90b7954
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/5a3315cce587e0be58335d11ff9a5571c90494a5
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/c15f5dbf093a497e19a749b20e7f8fb5a9c24cde
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found