A vulnerability described as problematic has been identified in Roundcube Webmail up to 1.6.15/1.7.0 . Affected by this vulnerability is an unknown functionality of the component SVG Document Handler . Such manipulation of the argument attributeName leads to cross site scripting. This vulnerability is uniquely identified as CVE-2026-48848 . The attack can be launched remotely. No exploit exists. Upgrading the affected component is recommended.