debian · CVE-2026-48848

Quick triage

Priority: not yet assigned Published: Updated: Fri, 03 Jul 2026 00:59:42 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2026-48848 not yet assigned priority: Debian including 1 source packages (roundcube), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.

Description:

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element with the attributeName attribute.

cvelogic Threat Intelligence