https://nullcathedral.com/tags/email-security/Where nothing is sacred.en-usNULL CATHEDRALSun, 08 Feb 2026 00:00:00 +0000Sun, 15 Feb 2026 14:00:00 +0000https://www.rssboard.org/rss-specification60https://nullcathedral.com/favicon.svghttps://nullcathedral.com/https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/Roundcube's HTML sanitizer doesn't treat SVG feImage href as an image source. Attackers can bypass remote image blocking to track email opens. (CVE-2026-25916)vulnerabilityroundcubesvgemail-securityhttps://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/Sun, 08 Feb 2026 00:00:00 +0000