[MEDIUM] Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message

PKSA-hnx5-g7mc-vpff CVE-2026-35545 GHSA-w846-74jr-76cv

Affected package: roundcube/roundcubemail

Affected version: >=1.7-beta,<1.7-rc5

Reported by:
GitHub