CVE-2026-21618

Name of the Vulnerable Software and Affected Versions hexpm versions 617e44c71f1dd9043870205f371d375c5c4d886d through c692438684ead90c3bcbfb9ccf4e63c768c668a8 hex.pm versions prior to 2026-01-19

Description An issue exists in hexpm related to improper neutralization of input during web page generation, leading to a Cross-Site Scripting (XSS) condition. The issue is present in the 'Elixir.HexpmWeb.SharedAuthorizationView' modules, specifically within the render grouped scopes/3 routine and the 'lib/hexpm web/views/shared authorization view.ex' file. The vulnerability allows for the execution of malicious scripts through crafted input.

Recommendations Update hexpm from version 617e44c71f1dd9043870205f371d375c5c4d886d to version c692438684ead90c3bcbfb9ccf4e63c768c668a8. Update hex.pm to a version after 2026-01-19.