This is a critical vulnerability that potentially allows an attacker to retrieve the plaintext of an encrypted mail.
I don't think we are vulnerable against "Direct Exfiltration". Inidividual parts are rendered separately, and the attack relies on the parser stitching the whole content together to generate the malicious html content.
I think we are vulnerable against "CBC/CFB Gadget Attack" because there the malicious img tag is inserted directly into the decryption result, so there isn't much we can do besides disabling loading of images.