CVE-2026-48846 | Roundcube Webmail up to 1.6.15/1.7.0 CSS var resource transfer

A vulnerability identified as critical has been detected in Roundcube Webmail up to 1.6.15/1.7.0. This affects the function var of the component CSS Handler. The manipulation leads to incorrect resource transfer.

This vulnerability is traded as CVE-2026-48846. It is possible to initiate the attack remotely. There is no exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More