PT-2026-42781 · Cleanstart+9 · Apko+79
Ensy
·
Published
2026-05-22
·
Updated
2026-07-06
·
CVE-2026-27136
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
The product name cannot be determined (affected versions not specified)
Description
Parsing arbitrary HTML that is subsequently rendered using the
Render function can lead to the creation of an unexpected HTML tree. This behavior can be exploited to perform Cross-Site Scripting (XSS) attacks—a technique where malicious scripts are injected into trusted websites—specifically in applications that attempt to sanitize input HTML before the rendering process.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Clickjacking
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apko
Argo Cd
Argo Workflows
Buildah
Cadvisor
Calicoctl
Cert-Manager
Cilium-Cli
Cloudnativepg
Cni-Plugins
Kubernetes Containerd
Cortex
Cri-Tools
Docker-Cli-Buildx
Dracut-Saltboot
Elastic-Beats
Elemental-Operator
Elemental-Toolkit
Etcd
External-Secrets
Golang-Github-Qubitproducts-Exporter Exporter
Golang-Github-Boynux-Squid Exporter
Golang-Github-Lusitaniae-Apache Exporter
Golang-Github-Prometheus-Alertmanager
Golang-Github-Prometheus-Node Exporter
Golang-Github-Prometheus-Prometheus
Golang-Golang-X-Net
Golang-Golang-X-Net-Dev
Golang.Org/X/Net
Golang.Org/X/Net/Html
Google-Guest-Agent
Gostatsd
Grafana
Grype
Helm
Helm-Operator
Ingress-Nginx-Controller-1.14
Ingress-Nginx-Controller-1.15
Istio
Kube-State-Metrics
Kube-Vip
Kubernetes-Csi-External-Provisioner-Fips
Kubernetes-Csi-External-Snapshotter-Fips
Kubernetes-Csi-Livenessprobe-Fips
Mcphost
Memcached-Exporter
Metallb
Mgr-Push
Mongodb
Mountpoint-S3-Csi-Driver
Neonmodem
Net
Newrelic-Infrastructure-Agent
Osv-Scanner
Percona-Server-Mongodb-Operator
Percona-Xtradb-Cluster-Operator-Fips
Podman
Prometheus Blackbox Exporter
Prometheus-Postgres Exporter
Python-Defusedxml-Sle15
Rabbitmq-Messaging-Topology-Operator
Rclone
Rhnlib
Rootlesskit
Runc
Sealed-Secrets
Skopeo
Spacecmd
Spacewalk-Client-Tools
Spice-Server
Spire-Server-Fips
Supportutils-Plugin-Salt
Supportutils-Plugin-Susemanager-Client
Trivy
Uyuni-Common-Libs
Uyuni-Tools
Vault
Velociraptor
Wave
Yq