VDB
TNCVE-2026-26079
TNCVE-2026-26079
PUBLISHED
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
Timeline
- Feb 11, 2026 CVE Published
References
- Tenable: CVE-2026-26079 advisory