
Debian 11 Roundcube Important SSRF Info Disclosure Vuln DLA-4517-1

Debian LTS | March 30, 2026
Multiple vulnerabilities in Roundcube for Debian LTS could lead to information disclosure or privilege escalation.
Multiple vulnerabilities were discovered in Roundcube, a skinnable AJAX-based webmail solution for IMAP servers, which might lead to information disclosure or privilege escalation.

Summary

* Georgios Tsimpidas discovered a server-side request forgery (SSRF)
vulnerability via stylesheet links to local network hosts.
* An IMAP injection and CSRF bypass vulnerability was found within the
email search logic.
* It was discovered that one could change the password without providing
the old one in some situations.
* NULL CATHEDRAL discovered that the HTML sanitizer doesn't sanitize
image sources in SVG `` attributes. This allows attackers
to bypass remote image blocking to track email opens or
potentially bypass access control.
* NULL CATHEDRAL discovered that the HTML sanitizer doesn't sanitize
`` attributes. This allows attackers to bypass
remote image blocking to track email opens or potentially
bypass access control.
* NULL CATHEDRAL discovered that the CSS sanitizer doesn't convert
`position: fixed` to `position: absolute` when `!important` is used.
This allows an attacker to mask the Roundcube UI with a fake "session
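To show why the `!important` case matters for the CSS sanitizer issue above, here is an added illustration (not Roundcube's code and not from the advisory): a rewrite rule that only matches the bare declaration lets `position: fixed !important` through, while a rule that accounts for case, whitespace and the priority flag neutralizes it. The sample style strings are constructed for the example.

```python
import re

# Constructed sample inline styles (not taken from Roundcube or the advisory).
SAMPLE_STYLES = [
    "position: fixed; top: 0; left: 0;",
    "position: fixed !important; top: 0;",
    "POSITION : FIXED!IMPORTANT",
    "position: absolute; z-index: 9999;",
]

# Naive rule: only rewrites "position: fixed;" exactly, so a declaration that
# carries "!important" before the semicolon is never matched and survives.
NAIVE_RE = re.compile(r"position\s*:\s*fixed\s*;")


def naive_neutralize(style: str) -> str:
    return NAIVE_RE.sub("position: absolute;", style)


# Hardened rule: case-insensitive, tolerant of whitespace, consumes an optional
# "!important" flag and stops at the end of the declaration (";" or end of
# string). The flag is dropped so the rewritten value cannot override layout.
HARDENED_RE = re.compile(
    r"position\s*:\s*fixed\s*(?:!\s*important\s*)?(?=;|$)",
    re.IGNORECASE,
)


def hardened_neutralize(style: str) -> str:
    return HARDENED_RE.sub("position: absolute", style)


def still_fixed(style: str) -> bool:
    """True if any fixed-position declaration survived sanitization."""
    return re.search(r"position\s*:\s*fixed", style, re.IGNORECASE) is not None


def audit(styles: list[str]) -> list[str]:
    """Return the sample styles that the naive rule fails to neutralize."""
    return [s for s in styles if still_fixed(naive_neutralize(s))]
```

Running `audit(SAMPLE_STYLES)` returns the two `!important` variants, which is exactly the gap the advisory describes; `hardened_neutralize` leaves none of the samples with a fixed position.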

Severity: important

Package: roundcube
Version: 1.4.15+dfsg.1-1+deb11u8
CVE ID: not yet available
Debian Bug: 1131182 1132268
