Roundcube Webmail CSS Injection Vulnerability via Mishandled Comments Before 1.5.13 and 1.6.13
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
Published 2026-02-11 05:16:29
Updated 2026-02-11 15:27:26
Source MITRE
View at NVD, CVE.org, EUVD
We have updated our version of Roundcube and regenerated the server security keys. We are advising our users to regenerate their browser security keys as well to maintain end-to-end encryption
