CVE-2026-30691

Name of the Vulnerable Software and Affected Versions @cyntler/react-doc-viewer version 1.17.1

Description A Cross-Site Scripting (XSS) issue exists where remote attackers can execute arbitrary JavaScript by using a crafted .txt file. This occurs because the TXTRenderer component does not sanitize file content and explicitly casts raw data as a ReactNode (a type representing any renderable content in React).

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.