Main Vulnerability Database Exploits ID:12398 - Exploit for Protection mechanism failure in Roundcube - CVE-2026-25916

ID:12398 - Exploit for Protection mechanism failure in Roundcube - CVE-2026-25916

Published: February 13, 2026

Vulnerability identifier: #VU122451

Vulnerability risk: Medium

CVE-ID: CVE-2026-25916

CWE-ID: CWE-693

Exploitation vector: Remote access

Vulnerable software:
Roundcube

Link to public exploit:

https://github.com/mbanyamer/CVE-2026-25916-Roundcube-Webmail-DOM-based-XSS-Exploit-via-SVG-href-Attribute

Vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. A remote attacker can send a specially crafted email and bypass image blocking via SVG content.

Remediation

Install updates from vendor's website.

ID:12398 - Exploit for Protection mechanism failure in Roundcube - CVE-2026-25916

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human