CVE-2026-23926

Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)

Description An authenticated administrator without super-user privileges can inject a JavaScript payload when creating a maintenance period. This payload is executed when any user opens the tooltip for that specific maintenance period within the Host navigator widget, potentially allowing the attacker to perform unauthorized actions based on the permissions of the user who triggers the tooltip.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.