Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2026-25916
CVE-2026-25916
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.
Published Feb 10, 2026
https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/
CVSS Score
Medium
4.3
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
No packages found
Try adjusting your search terms.
CVE-2026-25916 | Components Impacted | Sonatype Guide | Sonatype Guide
