CVE-2026-25681

Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)

Description Parsing arbitrary HTML that is subsequently rendered using the Render function can lead to the creation of an unexpected HTML tree. This behavior can be exploited to perform Cross-Site Scripting (XSS) attacks—a technique where malicious scripts are injected into trusted websites—specifically in applications that attempt to sanitize input HTML before the rendering process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.