NULL CATHEDRAL - Svg
https://nullcathedral.com/tags/svg/
Generated: 2026-02-15
================================================================================

2026-02-08 | Roundcube Webmail <1.5.13 / <1.6.13 allows attackers to force remote image loads via SVG feImage
https://nullcathedral.com/posts/2026-02-08-roundcube-svg-feimage-remote-image-bypass/
Roundcube's HTML sanitizer doesn't treat SVG feImage href as an image source. Attackers can bypass remote image blocking to track email opens. (CVE-2026-25916)