PT-2026-28634 · Thales · Thales Sentinel Ldk Runtime
Josh Dillon
·
Published
2026-03-27
·
Updated
2026-03-27
·
CVE-2026-3457
CVSS v4.0
8.3
High
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N |
Name of the Vulnerable Software and Affected Versions
Thales Sentinel LDK Runtime versions prior to 10.22
Description
The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be injected into web pages viewed by other users. The issue affects the software on Windows systems.
Recommendations
Update Thales Sentinel LDK Runtime to version 10.22 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Thales Sentinel Ldk Runtime