USN-8482-1: Roundcube Webmail vulnerability
Publication date
30 June 2026
Overview
Roundcube Webmail could be made to run programs as your login if it opened a malicious website.
Releases
Packages
- roundcube - skinnable AJAX based webmail solution for IMAP servers - metapack
Details
It was discovered that Roundcube Webmail was prone to a Cross-Site-Scripting
(XSS) vulnerability via the animate tag in an SVG document. An attacker
could use this issue to execute arbitrary web script in the context of an
affected user's session.
It was discovered that Roundcube Webmail was prone to a Cross-Site-Scripting
(XSS) vulnerability via the animate tag in an SVG document. An attacker
could use this issue to execute arbitrary web script in the context of an
affected user's session.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 26.04 LTS resolute | roundcube – 1.6.11+dfsg-1ubuntu0.26.04.1~esm1 | ||
| roundcube-core – 1.6.11+dfsg-1ubuntu0.26.04.1~esm1 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.