PT-2026-34541 · Beghelli · Sicuroweb

Jean-Marie Bourbon +1 · Published 2026-04-22 · Updated 2026-04-23 · CVE-2026-41469

CVSS v3.1: 5.2 (Medium)

Vector: AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Beghelli Sicuro24 SicuroWeb (affected versions not specified)

Description

Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy (CSP), which is a security layer that helps detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. This absence allows the unrestricted loading of external JavaScript resources from attacker-controlled origins. When combined with template injection and sandbox escape issues within the application, this lack of CSP removes browser-enforced restrictions, enabling the loading of arbitrary remote payloads into operator browser sessions.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
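
A header audit for the gap described above, as an added example that is not part of the advisory or of the vendor's code. The function names are hypothetical, and it inspects only the directives that govern script loading (`script-src` with its `default-src` fallback).

```python
HASHES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
BROAD = ("*", "http:", "https:", "data:")

def parse_csp(value):
    """Split a CSP header value into {directive: [sources]}."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        # Per the CSP spec, a repeated directive is ignored: first one wins.
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy

def audit_script_loading(headers):
    """Return findings on whether the response restricts script origins."""
    names = {k.lower(): v for k, v in headers.items()}
    if "content-security-policy" not in names:
        if "content-security-policy-report-only" in names:
            return ["report-only policy: violations are reported, not blocked"]
        return ["no CSP header: scripts may load from any origin"]
    policy = parse_csp(names["content-security-policy"])
    # script-src falls back to default-src when it is absent.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return ["no script-src or default-src: script origins unrestricted"]
    # A nonce or hash makes browsers ignore 'unsafe-inline'; combined with
    # 'strict-dynamic' it also makes them ignore scheme and host sources.
    trusted = any(s.startswith(HASHES) for s in sources)
    strict_dynamic = trusted and "'strict-dynamic'" in sources
    findings = []
    for s in sources:
        if s in BROAD and not strict_dynamic:
            findings.append(f"{s} allows scripts from arbitrary origins")
        elif s == "'unsafe-inline'" and not trusted:
            findings.append("'unsafe-inline' permits injected inline script")
        elif s == "'unsafe-eval'":
            findings.append("'unsafe-eval' permits string-to-code evaluation")
    return findings
```

An empty result means the policy restricts where scripts may be loaded from; it does not address the template injection and sandbox escape issues the description mentions.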

Exploit

Weakness Enumeration

Protection Mechanism Failure

Related Identifiers

CVE-2026-41469

Affected Products

Sicuroweb