Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 42 RoundcubeWebmail Important CSS Injection Fix CVE-2026-26079

fedora
Calendar Grey February 20, 2026
Dist Fedora Esm H88
Fixes for Roundcube Webmail including CSS injection and SVG content bypass vulnerabilities in Fedora 42.
Release 1.6.13 Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075) Fix remote image blocking bypass via SVG content reported by nullcath...

Summary

RoundCube Webmail is a browser-based multilingual IMAP client

with an application-like user interface. It provides full

functionality you expect from an e-mail client, including MIME

support, address book, folder manipulation, message searching

and spell checking. RoundCube Webmail is written in PHP and

requires a database: MySQL, PostgreSQL and SQLite are known to

work. The user interface is fully skinnable using XHTML and

CSS 2.

Update Information:

Release 1.6.13 Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075) Fix remote image blocking bypass via SVG content reported by nullcathedral Fix CSS injection vulnerability reported by CERT Polska

Topics%20covered

Topics Covered

security advisory fedora vulnerability important roundcubemail CSS Injection

Change Log

* Mon Feb 9 2026 Remi Collet - 1.6.13-1 - update to 1.6.13

References


[ 1 ] Bug #2438812 - CVE-2026-26079 roundcubemail: Roundcube Webmail: Cascading Style Sheets (CSS) injection via mishandled comments [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2438812

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-d684b372f1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: roundcubemail
Product: Fedora 42
Version: 1.6.13
Release: 1.fc42
URL: https://roundcube.net/
Summary: Round Cube Webmail is a browser-based multilingual IMAP client

Topics%20covered

Topics Covered

security advisory fedora vulnerability important roundcubemail CSS Injection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here