CRITICAL CVE-2026-40472 Published Modified CNA redhat-cnalr

CVE-2026-40472: Hackage package metadata stored XSS vulnerability

In hackage-server, user-controlled metadata from .cabal files is rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks.

Metrics

CVSS v3.1: 9.9
Severity: CRITICAL
Fixed in: *
Affected Products: 1

Fix available: *
Affected packages
  • unknown
    < * (from 0.1)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L