PT-2026-31066 · Unknown+1 · Javascript Template Literals+1

Published

2026-04-07

Updated

2026-05-21

CVE-2026-32289

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions versions prior to 2.3

Description Improper tracking of context across template branches within JavaScript template literals could lead to incorrect content escaping when branches are used. Additionally, template actions inside these literals did not accurately track brace depth, resulting in incorrect escaping. These issues could cause actions within JavaScript template literals to be improperly escaped, potentially leading to cross-site scripting (XSS) vulnerabilities.

Recommendations Update to version 2.3 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2026-07253

BIT-GOLANG-2026-32289

CLEANSTART-2026-AC01087

CLEANSTART-2026-AH29678

CLEANSTART-2026-AN32474

CLEANSTART-2026-AP92343

CLEANSTART-2026-AP95632

CLEANSTART-2026-AQ65185

CLEANSTART-2026-AY53560

CLEANSTART-2026-AY89602

CLEANSTART-2026-BB70412

CLEANSTART-2026-BB83999

CLEANSTART-2026-BD19566

CLEANSTART-2026-BG69533

CLEANSTART-2026-BM53321

CLEANSTART-2026-BN28456

CLEANSTART-2026-BR79647

CLEANSTART-2026-BT04364

CLEANSTART-2026-BU65096

CLEANSTART-2026-CB00984

CLEANSTART-2026-CC08450

CLEANSTART-2026-CD13174

CLEANSTART-2026-CD71342

CLEANSTART-2026-CD91667

CLEANSTART-2026-CE10526

CLEANSTART-2026-CN84623

CLEANSTART-2026-CR55131

CLEANSTART-2026-CS02869

CLEANSTART-2026-DA99134

CLEANSTART-2026-DK45320

CLEANSTART-2026-DM19620

CLEANSTART-2026-DM93480

CLEANSTART-2026-DN70218

CLEANSTART-2026-DO31246

CLEANSTART-2026-DR81473

CLEANSTART-2026-DV49899

CLEANSTART-2026-DW32113

CLEANSTART-2026-EI06494

CLEANSTART-2026-EM93403

CLEANSTART-2026-EP10142

CLEANSTART-2026-FB07695

CLEANSTART-2026-FH54780

CLEANSTART-2026-FH63386

CLEANSTART-2026-FK40318

CLEANSTART-2026-FV86809

CLEANSTART-2026-GB02436

CLEANSTART-2026-GB36430

CLEANSTART-2026-GB46352

CLEANSTART-2026-GB83728

CLEANSTART-2026-GG06672

CLEANSTART-2026-GR41888

CLEANSTART-2026-GW28934

CLEANSTART-2026-GY48351

CLEANSTART-2026-GY76045

CLEANSTART-2026-GZ35045

CLEANSTART-2026-HF07497

CLEANSTART-2026-HI89495

CLEANSTART-2026-HK01840

CLEANSTART-2026-HM31566

CLEANSTART-2026-HQ88036

CLEANSTART-2026-IO64893

CLEANSTART-2026-IP78312

CLEANSTART-2026-IS19112

CLEANSTART-2026-IW91368

CLEANSTART-2026-IY98831

CLEANSTART-2026-JO51351

CLEANSTART-2026-JQ70227

CLEANSTART-2026-JV26120

CLEANSTART-2026-JY63371

CLEANSTART-2026-JZ43336

CLEANSTART-2026-KA21986

CLEANSTART-2026-KC83705

CLEANSTART-2026-KF86214

CLEANSTART-2026-KL61187

CLEANSTART-2026-KT28044

CLEANSTART-2026-LA67881

CLEANSTART-2026-LG79681

CLEANSTART-2026-LI56163

CLEANSTART-2026-LK73694

CLEANSTART-2026-LM43244

CLEANSTART-2026-LN66182

CLEANSTART-2026-LO63022

CLEANSTART-2026-LO90739

CLEANSTART-2026-LT10352

CLEANSTART-2026-LZ60917

CLEANSTART-2026-MI12470

CLEANSTART-2026-MI82983

CLEANSTART-2026-MK07381

CLEANSTART-2026-ML42911

CLEANSTART-2026-MR50866

CLEANSTART-2026-MV81821

CLEANSTART-2026-MW24969

CLEANSTART-2026-MW66533

CLEANSTART-2026-MX15076

CLEANSTART-2026-MX56097

CLEANSTART-2026-MZ44265

CLEANSTART-2026-NB51079

CLEANSTART-2026-NB55984

CLEANSTART-2026-NB83265

CLEANSTART-2026-NG28268

CLEANSTART-2026-NG75665

CLEANSTART-2026-NS33477

CLEANSTART-2026-NT10973

CLEANSTART-2026-NX54250

CLEANSTART-2026-OD56729

CLEANSTART-2026-OF37807

CLEANSTART-2026-OH43332

CLEANSTART-2026-OH47925

CLEANSTART-2026-OR40192

CLEANSTART-2026-OU18540

CLEANSTART-2026-PE52216

CLEANSTART-2026-PK19530

CLEANSTART-2026-PM81907

CLEANSTART-2026-PY36202

CLEANSTART-2026-QL45485

CLEANSTART-2026-QN98167

CLEANSTART-2026-QO29688

CLEANSTART-2026-QO30809

CLEANSTART-2026-QP84300

CLEANSTART-2026-QR52625

CLEANSTART-2026-QS28268

CLEANSTART-2026-QS87161

CLEANSTART-2026-QU88766

CLEANSTART-2026-RR42740

CLEANSTART-2026-RX06063

CLEANSTART-2026-SE34232

CLEANSTART-2026-SO13464

CLEANSTART-2026-SV08737

CLEANSTART-2026-TC76376

CLEANSTART-2026-TD06078

CLEANSTART-2026-TD94714

CLEANSTART-2026-TE02851

CLEANSTART-2026-TH33219

CLEANSTART-2026-TK06108

CLEANSTART-2026-TL66481

CLEANSTART-2026-TZ10716

CLEANSTART-2026-UF28691

CLEANSTART-2026-UO31069

CLEANSTART-2026-UQ68343

CLEANSTART-2026-UW03847

CLEANSTART-2026-UX07516

CLEANSTART-2026-UY10441

CLEANSTART-2026-VU08393

CLEANSTART-2026-VW96633

CLEANSTART-2026-VZ08395

CLEANSTART-2026-WA14162

CLEANSTART-2026-WA84208

CLEANSTART-2026-WB12909

CLEANSTART-2026-WB86581

CLEANSTART-2026-WB89098

CLEANSTART-2026-WL14185

CLEANSTART-2026-WO11084

CVE-2026-32289

GO-2026-4865

OPENSUSE-SU-2026:10514-1

OPENSUSE-SU-2026:10525-1

OPENSUSE-SU-2026:20570-1

OPENSUSE-SU-2026:20571-1

RHSA-2026:7291

RHSA-2026:7385

SUSE-SU-2026:1320-1

SUSE-SU-2026:1321-1

SUSE-SU-2026:1580-1

SUSE-SU-2026:1581-1

Affected Products

Javascript Template Literals

Red Os

PT-2026-31066 · Unknown+1 · Javascript Template Literals+1

CVE-2026-32289

Weakness Enumeration

Related Identifiers

Affected Products

References · 837