Debian Roundcube Important CSS Injection Threat DSA-6137-1 CVE-2026-25916
Posted: Tue Feb 17, 2026 8:52 am
CERT Polska and nullcathedral discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform CSS injection attacks, or leak sensitive information. For the oldstable distribution (bookworm), these problems have been fixed
Source: https://linuxsecurity.com/advisories/de ... 2026-25916
Source: https://linuxsecurity.com/advisories/de ... 2026-25916