CVE-2026-0858

Name of the Vulnerable Software and Affected Versions net.sourceforge.plantuml:plantuml versions prior to 1.2026.0

Description The software is susceptible to a Stored Cross-Site Scripting (XSS) issue because of inadequate sanitization of interactive attributes within GraphViz diagrams. A specially designed PlantUML diagram can inject malicious JavaScript into the generated SVG output, potentially allowing for arbitrary script execution when applications render the SVG.

Recommendations Update to version 1.2026.0 or later.