certfr_avis - certfr-2026-avi-0373

CERTFR-2026-AVI-0373

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans Roundcube. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Roundcube	Roundcube Webmail	Roundcube Webmail versions 1.6.x antérieures à 1.6.15
Roundcube	Roundcube Webmail	Roundcube Webmail versions 1.7.x antérieures à 1.7-rc6
Roundcube	Roundcube Webmail	Roundcube Webmail versions 1.5.x antérieures à 1.5.15

References

Title

Publication Time

Tags

Bulletin de sécurité Roundcube security-updates-1.7-rc6-1.6.15-1.5.15

2026-03-29

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Roundcube Webmail versions 1.6.x ant\u00e9rieures \u00e0 1.6.15",
      "product": {
        "name": "Roundcube Webmail",
        "vendor": {
          "name": "Roundcube",
          "scada": false
        }
      }
    },
    {
      "description": "Roundcube Webmail versions 1.7.x ant\u00e9rieures \u00e0 1.7-rc6",
      "product": {
        "name": "Roundcube Webmail",
        "vendor": {
          "name": "Roundcube",
          "scada": false
        }
      }
    },
    {
      "description": "Roundcube Webmail versions 1.5.x ant\u00e9rieures \u00e0 1.5.15",
      "product": {
        "name": "Roundcube Webmail",
        "vendor": {
          "name": "Roundcube",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-35545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-35545"
    }
  ],
  "initial_release_date": "2026-03-30T00:00:00",
  "last_revision_date": "2026-04-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0373",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-03-30T00:00:00.000000"
    },
    {
      "description": "Ajout de la vuln\u00e9rabilit\u00e9 CVE-2026-35545",
      "revision_date": "2026-04-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Roundcube. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Vuln\u00e9rabilit\u00e9 dans Roundcube",
  "vendor_advisories": [
    {
      "published_at": "2026-03-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Roundcube security-updates-1.7-rc6-1.6.15-1.5.15",
      "url": "https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15"
    }
  ]
}

CVE-2026-35545 (GCVE-0-2026-35545)

Vulnerability from cvelistv5

Published

2026-04-03 04:02

Modified

2026-04-03 15:36

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE

CWE-669 - Incorrect Resource Transfer Between Spheres

Summary

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.

References

URL

Tags

	https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15
	https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6
	https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46
	https://github.com/roundcube/roundcubemail/releases/tag/1.6.15
	https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88
	https://github.com/roundcube/roundcubemail/releases/tag/1.5.15
	https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b

Impacted products

	Vendor	Product	Version
	Roundcube	Webmail	Version: 0 ≤ Version: 1.6.0 ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-35545",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-03T15:35:57.759054Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-03T15:36:13.062Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Webmail",
          "vendor": "Roundcube",
          "versions": [
            {
              "lessThan": "1.5.15",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.6.15",
              "status": "affected",
              "version": "1.6.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.5.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:a:roundcube:webmail:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.6.15",
                  "versionStartIncluding": "1.6.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-669",
              "description": "CWE-669 Incorrect Resource Transfer Between Spheres",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-03T04:14:03.451Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://roundcube.net/news/2026/03/29/security-updates-1.7-rc6-1.6.15-1.5.15"
        },
        {
          "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc6"
        },
        {
          "url": "https://github.com/roundcube/roundcubemail/commit/7ad62de184368bf42c0f522d1aacc030f5ddcc46"
        },
        {
          "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.15"
        },
        {
          "url": "https://github.com/roundcube/roundcubemail/commit/9d18d524f3cc211003fc99e2e54eed09a2f3da88"
        },
        {
          "url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.15"
        },
        {
          "url": "https://github.com/roundcube/roundcubemail/commit/fe1320b199d3a2f58351bb699c9ed4316e73221b"
        }
      ],
      "x_generator": {
        "engine": "CVE-Request-form 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2026-35545",
    "datePublished": "2026-04-03T04:02:06.765Z",
    "dateReserved": "2026-04-03T04:02:06.302Z",
    "dateUpdated": "2026-04-03T15:36:13.062Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CERTFR-2026-AVI-0373

Vulnerability from certfr_avis

Solutions

CVE-2026-35545 (GCVE-0-2026-35545)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature