vulnerability
Ubuntu: (CVE-2021-26925): roundcube vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Feb 9, 2021 | Nov 19, 2024 | Mar 27, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Feb 9, 2021
Added
Nov 19, 2024
Modified
Mar 27, 2026
Description
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
Solution
ubuntu-upgrade-roundcube
References
- CVE-2021-26925
- https://attackerkb.com/topics/CVE-2021-26925
- CWE-79
- EUVD-EUVD-2021-13707
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2021-13707
- https://github.com/roundcube/roundcubemail/commit/9dc276d5f26042db02754fa1bac6fbd683c6d596
- https://roundcube.net/news/2021/02/08/security-update-1.4.11
- https://www.cve.org/CVERecord?id=CVE-2021-26925
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.