Bug 35235 - Roundcubemail: Security issue
Summary: Roundcubemail: Security issue
Status: RESOLVED DUPLICATE of bug 35237
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Marc Krämer
QA Contact: Sec team
 
Reported: 2026-03-19 21:04 CET by Marc Krämer
Modified: 2026-03-20 00:14 CET
Source RPM: roundcubemail

Description Marc Krämer 2026-03-19 21:04:36 CET
https://github.com/roundcube/roundcubemail/releases/tag/1.6.14


- Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler, reported by y0us.
- Fix bug where a password could get changed without providing the old password, reported by flydragon777.
- Fix IMAP Injection + CSRF bypass in mail search, reported by Martila Security Research Team.
- Fix remote image blocking bypass via various SVG animate attributes, reported by nullcathedral.
- Fix remote image blocking bypass via a crafted body background attribute, reported by nullcathedral.
- Fix fixed position mitigation bypass via use of !important, reported by nullcathedral.
- Fix XSS issue in an HTML attachment preview, reported by aikido_security.
- Fix SSRF + Information Disclosure via stylesheet links to local network hosts, reported by Georgios Tsimpidas (aka Frey), Security Researcher at https://i0.rs/.

Comment 1 katnatek 2026-03-20 00:14:39 CET
Duplicated

*** This bug has been marked as a duplicate of bug 35237 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

