A vulnerability, which was classified as problematic , has been found in Roundcube Webmail up to 1.5.13/1.6.13 . This affects an unknown function of the component BODY Element Handler . The manipulation leads to incorrect resource transfer. This vulnerability is referenced as CVE-2026-35542 . Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.