Home / mailings [USN-8482-1] Roundcube Webmail vulnerability
Posted on 30 June 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8482-1
June 30, 2026
roundcube vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
Summary:
Roundcube Webmail could be made to run programs as your login if it opened
a malicious website.
Software Description:
- roundcube: skinnable AJAX based webmail solution for IMAP servers - metapack
Details:
It was discovered that Roundcube Webmail was prone to a Cross-Site-Scripting
(XSS) vulnerability via the animate tag in an SVG document. An attacker
could use this issue to execute arbitrary web script in the context of an
affected user's session.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
roundcube 1.6.11+dfsg-1ubuntu0.26.04.1~esm1
Available with Ubuntu Pro
roundcube-core 1.6.11+dfsg-1ubuntu0.26.04.1~esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8482-1
CVE-2025-68461
--===============5671494414827169538==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
