PT-2026-40329 · Antsword · Antsword

Published

2026-05-12

Updated

2026-05-12

CVE-2026-43892

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions AntSword versions prior to 2.1.16

Description Incomplete sanitization in the noxss() function allows for 1-click Remote Code Execution (RCE) through jquery.terminal format code injection.

Recommendations Update to version 2.1.16. As a temporary workaround, restrict the use of the noxss() function until the update is applied.

Fix

RCE

XSS

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79CWE-1188CWE-94

Related Identifiers

CVE-2026-43892

Affected Products

Antsword

PT-2026-40329 · Antsword · Antsword

CVE-2026-43892

Weakness Enumeration

Related Identifiers

Affected Products

References · 4