Security News

Cybersecurity news aggregator

🐧
MEDIUM Updates Debian Security

DSA-6137-1 roundcube - security update

roundcubedebiandsacve-2026-25916cve-2026-26079
  • What: Debian has released a security update for roundcube, a webmail solution, to address multiple vulnerabilities.
  • Impact: An attacker could exploit these vulnerabilities to perform unauthorized actions.
Read Full Article →

[SECURITY] [DSA 6137-1] roundcube security update To : debian-security-announce@lists.debian.org Subject : [SECURITY] [DSA 6137-1] roundcube security update From : Sebastien Delafond < seb@debian.org > Date : Tue, 17 Feb 2026 08:52:20 +0000 Message-id : < [🔎] E1vsGoe-005gzy-1a@seger.debian.org > Reply-to : debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6137-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond February 17, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : roundcube CVE ID : CVE-2026-25916 CVE-2026-26079 Debian Bug : 1127447 CERT Polska and nullcathedral discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow an attacker to perform CSS injection attacks, or leak sensitive information. For the oldstable distribution (bookworm), these problems have been fixed in version 1.6.5+dfsg-1+deb12u7. For the stable distribution (trixie), these problems have been fixed in version 1.6.13+dfsg-0+deb13u1. We recommend that you upgrade your roundcube packages. For the detailed security status of roundcube please refer to its security tracker page at: https://security-tracker.debian.org/tracker/roundcube Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmmUKkQACgkQEL6Jg/PV nWQ0NAgAvdHKGB22tlcUBuKvPg9z0/3BF1ge8wzJzvj+jz0nKhGO9j4C02YJWOcQ p+5VQVnna1pY2p0PiEN5EG2y9ZMOmojRHg8oPYbzBEk6PB2M9tiKe/9CIxdOP29B 39YzlNntDz3Ag0VyiDzaSgoVqKJDknoDWCiyk/Jg4qTD6fpUZXoxtzw2y2yI4huX NS20Jo1rfeeyPiw/O2jYWbmL5yoGx+UdLSbbKCByrNlzm70/TQETr56tB8iCC8KU BD7uOB5pcyIwhIu6unHw0P4RjZXbFtT85zllwg5r+8QHn3sC8OlUy8u9L4fGCYKa Qi9+H68HTqrqJcAgZeQOg8Fj5PRADA== =kMFK -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Sebastien Delafond (on-list) Sebastien Delafond (off-list) Prev by Date: [SECURITY] [DSA 6136-1] python-django security update Previous by thread: [SECURITY] [DSA 6136-1] python-django security update Index(es): Date Thread

Related Articles

HIGH USN-8223-1: Roundcube Webmail vulnerabilities Ubuntu Security MEDIUM CVE-2026-25916: Roundcube Webmail XSS Vulnerability Web Discovery MEDIUM CVE-2026-26079: Roundcube Webmail CSS Injection Vulnerability Web Discovery MEDIUM NVD - CVE-2026-26079 Web Discovery
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn