CVE-2026-48848 | Roundcube Webmail up to 1.6.15/1.7.0 SVG Document attributeName cross site scripting

A vulnerability described as problematic has been identified in Roundcube Webmail up to 1.6.15/1.7.0. Affected by this vulnerability is an unknown functionality of the component SVG Document Handler. Such manipulation of the argument attributeName leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-48848. The attack can be launched remotely. No exploit exists.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More