[MEDIUM] Roundcube: Bypass of remote image blocking via crafted BODY background attribute

PKSA-kj9x-s73h-chn8 CVE-2026-35542 GHSA-5hf6-crg4-fg59

Affected package: roundcube/roundcubemail

Affected version: >=1.7-beta,<1.7-rc5

Reported by:
GitHub