Roundcube Incorrect Resource Transfer Between Spheres Vulnerability - CVE-2026-35540 - Vulnerability Database

Roundcube Incorrect Resource Transfer Between Spheres Vulnerability - CVE-2026-35540

Medium

Reference: CVE-2026-35540

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-35540

Title: Roundcube Incorrect Resource Transfer Between Spheres Vulnerability

Overview:

An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure e.g. if stylesheet links point to local network hosts.