[MEDIUM] Roundcube Webmail: Insufficient HTML attachment sanitization in preview mode

PKSA-3z5p-dc2d-4drb CVE-2026-35539 GHSA-x4q5-8j5g-hpjc

Affected package: roundcube/roundcubemail

Affected version: >=1.7-beta,<1.7-rc5

Reported by:
GitHub