Stats Digest Feeds
โ† Back to all CVEs

CVE-2026-62643

HIGH NVD
CVSS Score 7.2
Severity HIGH
Published Jul 14, 2026
Vendor unknown

Description

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. NOTE: this issue exists because of insufficient fixes for CVE-2026-35540 and CVE-2026-48843.

References