Hi Guilhem, On Sun, Feb 08, 2026 at 11:41:28PM +0100, Guilhem Moulin wrote: > * CSS injection vulnerability reported by CERT Polska. > > https://github.com/roundcube/roundcubemail/commit/1f4c3a5af5033747f9685a8a395dbd8228d19816 > > https://github.com/roundcube/roundcubemail/commit/2b5625f1d2ef7e050fd1ae481b2a52dc35466447 > (regression) > > https://github.com/roundcube/roundcubemail/commit/53d75d5dfebef235a344d476b900c20c12d52b01 > (regression)
This one got now as well a CVE, CVE-2026-26079. Regards, Salvatore
