UnratedRed Hat & Ubuntu Linux Exploited CISA KEV
Roundcube Webmail vulnerability
USN-8482-1 Published Jun 30, 2026
CVE-2025-68461
Affected products & platforms
Red Hat & Ubuntu LinuxUnclassified
Summary
It was discovered that Roundcube Webmail was prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document. An attacker could use this issue to execute arbitrary web script in the context of an affected user's session. Affected Ubuntu releases: 26.04. CVEs: CVE-2025-68461.
CISA Known Exploited Vulnerability
- Listed:
- Feb 20, 2026 · federal remediation due Mar 13, 2026
- Required action:
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Ransomware use:
- Unknown
KEV is a prioritization signal from CISA — remediation detail still comes from the vendor advisory.
Affected versions
- Ubuntu 26.04
Official advisory · medium-confidence parse· fetched 1 hour ago·verify at source
Mitigation checklist
Recommended fix / mitigation
- Apply available updates: `sudo apt update && sudo apt upgrade` (a standard system update installs the fix).
Official advisory · medium-confidence parse· fetched 1 hour ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.