CVE-2026-48843
Possible ATT&CK Techniques 3AI
T1048 · Exfiltration Over Alternative Protocol T1071 · Application Layer Protocol T1059 · Command and Scripting InterpreterGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-48843
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix for CVE-2026-35540.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Roundcube Webmail 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Roundcube Webmail是Roundcube开源的一款基于浏览器的开源IMAP客户端,它支持地址薄管理、信息搜索、拼写检查等。 Roundcube Webmail 1.6.x 1.6.14至1.6.16版本和1.7.x 1.7.1之前版本存在代码问题漏洞,该漏洞源于HTML邮件中CSS清理不足,可能导致SSRF或信息泄露。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-48843
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 8023 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-48843
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-48843 (2)
Vendor Advisories for CVE-2026-48843 (1)
Vendor Pages for CVE-2026-48843 (2)
Same Patch Batch · Roundcube · 2026-05-25 · 8 CVEs total
| CVE-2026-48842 | 8.1 HIGH | Roundcube Webmail SQL注入漏洞 |
| CVE-2026-48844 | 7.5 HIGH | Roundcube Webmail 安全漏洞 |
| CVE-2026-48848 | 7.2 HIGH | Roundcube Webmail 跨站脚本漏洞 |
| CVE-2026-48846 | 6.5 MEDIUM | Roundcube Webmail 安全漏洞 |
| CVE-2026-48845 | 6.5 MEDIUM | Roundcube Webmail 安全漏洞 |
| CVE-2026-48849 | 4.4 MEDIUM | Roundcube Webmail 跨站脚本漏洞 |
| CVE-2026-48847 | 3.7 LOW | Roundcube Webmail 安全漏洞 |
IV. Related Vulnerabilities
Same weakness: CWE-918
- CVE-2026-9813
FlowIntel external reference URL probe allows server-side re - CVE-2026-5737
Independent Analytics <= 2.14.9 - Unauthenticated Server-Sid - CVE-2026-48148
Budibase: Unvalidated VectorDB Host Parameter Enables SSRF - CVE-2026-45548
Budibase: SSRF in AI Extract File Automation Step via Missin - CVE-2026-45715
Budibase: SSRF Bypass via HTTP Redirect in REST Datasource I
V. Comments for CVE-2026-48843
No comments yet