Alerts This Week
Warning Icon 1 1,213
Alerts This Week
Warning Icon 1 1,213

Ubuntu 26.04 LTS Roundcube Important XSS Risk USN-8482-1

ubuntu
Calendar Grey June 30, 2026
Dist Ubuntu Esm H88
Roundcube Webmail has a Cross-Site Scripting issue that could allow attackers to execute scripts via malicious websites. Update now.
Roundcube Webmail could be made to run programs as your login if it opened a malicious website.

Summary

Roundcube Webmail could be made to run programs as your login if it opened

a malicious website.

Software Description:

- roundcube: skinnable AJAX based webmail solution for IMAP servers - metapack

Details:

It was discovered that Roundcube Webmail was prone to a Cross-Site-Scripting

(XSS) vulnerability via the animate tag in an SVG document. An attacker

could use this issue to execute arbitrary web script in the context of an

affected user's session.

Topics%20covered

Topics Covered

security advisory cross site scripting Ubuntu important webmail roundcube

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  roundcube                       1.6.11+dfsg-1ubuntu0.26.04.1~esm1
                                  Available with Ubuntu Pro
  roundcube-core                  1.6.11+dfsg-1ubuntu0.26.04.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8482-1

CVE-2025-68461

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8482-1

Topics%20covered

Topics Covered

security advisory cross site scripting Ubuntu important webmail roundcube

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here