Northern.Tech · Cfengine · CVE-2026-24710
**Name of the Vulnerable Software and Affected Versions**
CFEngine Enterprise versions prior to 3.21.8
CFEngine Enterprise versions prior to 3.24.3
CFEngine Enterprise versions prior to 3.27.0
**Description**
Cross-site Scripting (XSS) is possible in the software, which allows an attacker to inject malicious scripts into web pages viewed by other users.
**Recommendations**
Update to version 3.21.8 or later.
Update to version 3.24.3 or later.
Update to version 3.27.0 or later.