[MEDIUM] Roundcube Webmail: Bypass of remote image blocking via SVG content (with animate attributes) in an e-mail message

PKSA-qdpg-77hy-3x5t CVE-2026-35543 GHSA-j2g6-8rvg-7mf6

Affected package: roundcube/roundcubemail

Affected version: >=1.7-beta,<1.7-rc5

Reported by:
GitHub