Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN135
_____________________________________________________________________

DATE                : 09/02/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Roundcube Webmail prior to 1.6.13,
                                         1.5.13.

=====================================================================
https://roundcube.net/news/2026/02/08/security-updates-1.6.13-and-1.5.13
_____________________________________________________________________

Security updates 1.6.13 and 1.5.13 released

Published: 08 February 2026

    Tags: releases updates security 

We just published security updates to the 1.6 and 1.5 LTS versions of
Roundcube Webmail. They both contain fixes for recently reported two
security vulnerabilities.


Security fixes

    Fix CSS injection vulnerability reported by CERT Polska.
    Fix remote image blocking bypass via SVG content reported by
nullcathedral.

See the full changelogs in the release notes on the Github download
pages for the updated versions 1.6.13 and 1.5.13.

We strongly recommend to update all productive installations of
Roundcube 1.6.x and 1.5.x with this new versions.

 
=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================