CVE-2026-48845
MEDIUM NVDCVSS Score
6.5
Severity
MEDIUM
Source
NVD
Published
May 25, 2026
Description
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message.