Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-35543
PUBLISHED
More InfoOfficial Page
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
View Known Exploited Vulnerability (KEV) details
Published At-03 Apr, 2026 | 03:57
Updated At-03 Apr, 2026 | 12:50
Rejected At-
▼CVE Numbering Authority (CNA)

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or access-control bypass.

Affected Products
Vendor
Roundcube Webmail ProjectRoundcube
Product
Webmail
Default Status
unaffected
Versions
Affected
  • From 0 before 1.5.14 (semver)
  • From 1.6.0 before 1.6.14 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-669CWE-669 Incorrect Resource Transfer Between Spheres
Type: CWE
CWE ID: CWE-669
Description: CWE-669 Incorrect Resource Transfer Between Spheres
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
N/A
https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
N/A
https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd
N/A
https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
N/A
https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3
N/A
https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
N/A
https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c
N/A
Hyperlink: https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/82ab5eca7b332fce7a174b2b987f0957a66377cd
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.6.14
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/39471343ee081ce1d31696c456a2c163462daae3
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/releases/tag/1.5.14
Resource: N/A
Hyperlink: https://github.com/roundcube/roundcubemail/commit/1a63e01542bff42aaa71c00c4c279a09ef31f20c
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found