[MEDIUM] Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages

PKSA-wvxn-8qzx-v8n9 CVE-2026-35544 GHSA-xpqh-grpw-4xmg

Affected package: roundcube/roundcubemail

Affected version: >=1.7-beta,<1.7-rc5

Reported by:
GitHub