PT-2026-42781 · Cleanstart+9 · Apko+79

Ensy

·

Published

2026-05-22

·

Updated

2026-07-06

·

CVE-2026-27136

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)
Description Parsing arbitrary HTML that is subsequently rendered using the Render function can lead to the creation of an unexpected HTML tree. This behavior can be exploited to perform Cross-Site Scripting (XSS) attacks—a technique where malicious scripts are injected into trusted websites—specifically in applications that attempt to sanitize input HTML before the rendering process.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-BA41349
CLEANSTART-2026-BE05060
CLEANSTART-2026-BX78383
CLEANSTART-2026-CH64198
CLEANSTART-2026-CL67452
CLEANSTART-2026-CN27900
CLEANSTART-2026-CX34942
CLEANSTART-2026-EA12165
CLEANSTART-2026-EU52554
CLEANSTART-2026-FA38569
CLEANSTART-2026-GM77447
CLEANSTART-2026-HO16255
CLEANSTART-2026-IH16568
CLEANSTART-2026-JI51299
CLEANSTART-2026-JL47330
CLEANSTART-2026-JY65496
CLEANSTART-2026-KJ72865
CLEANSTART-2026-LA96053
CLEANSTART-2026-MI06133
CLEANSTART-2026-MO16862
CLEANSTART-2026-MR08661
CLEANSTART-2026-MW09143
CLEANSTART-2026-MZ00063
CLEANSTART-2026-NT30039
CLEANSTART-2026-NU38786
CLEANSTART-2026-PF69993
CLEANSTART-2026-QN97697
CLEANSTART-2026-RE02723
CLEANSTART-2026-RF77222
CLEANSTART-2026-RL64341
CLEANSTART-2026-RQ86436
CLEANSTART-2026-SW10568
CLEANSTART-2026-UC73978
CLEANSTART-2026-UK19445
CLEANSTART-2026-VD09973
CLEANSTART-2026-VD47610
CLEANSTART-2026-VN16911
CLEANSTART-2026-VO11205
CLEANSTART-2026-VX15911
CLEANSTART-2026-WA48911
CLEANSTART-2026-WF25734
CLEANSTART-2026-WS85269
CLEANSTART-2026-XC13942
CLEANSTART-2026-XV65906
CLEANSTART-2026-YG71543
CLEANSTART-2026-YK91867
CVE-2026-27136
GO-2026-5030
OPENSUSE-SU-2026:10856-1
OPENSUSE-SU-2026:10923-1
OPENSUSE-SU-2026:10930-1
OPENSUSE-SU-2026:10941-1
OPENSUSE-SU-2026:11126-1
OPENSUSE-SU-2026:20892-1
OPENSUSE-SU-2026:20956-1
OPENSUSE-SU-2026:20963-1
OPENSUSE-SU-2026:20984-1
OPENSUSE-SU-2026:21120-1
SUSE-SU-2026:22065-1
SUSE-SU-2026:22066-1
SUSE-SU-2026:22074-1
SUSE-SU-2026:22075-1
SUSE-SU-2026:22193-1
SUSE-SU-2026:22226-1
SUSE-SU-2026:2285-1
SUSE-SU-2026:2706-1
SUSE-SU-2026:2733-1
SUSE-SU-2026:2768-1

Affected Products

Apko
Argo Cd
Argo Workflows
Buildah
Cadvisor
Calicoctl
Cert-Manager
Cilium-Cli
Cloudnativepg
Cni-Plugins
Kubernetes Containerd
Cortex
Cri-Tools
Docker-Cli-Buildx
Dracut-Saltboot
Elastic-Beats
Elemental-Operator
Elemental-Toolkit
Etcd
External-Secrets
Golang-Github-Qubitproducts-Exporter Exporter
Golang-Github-Boynux-Squid Exporter
Golang-Github-Lusitaniae-Apache Exporter
Golang-Github-Prometheus-Alertmanager
Golang-Github-Prometheus-Node Exporter
Golang-Github-Prometheus-Prometheus
Golang-Golang-X-Net
Golang-Golang-X-Net-Dev
Golang.Org/X/Net
Golang.Org/X/Net/Html
Google-Guest-Agent
Gostatsd
Grafana
Grype
Helm
Helm-Operator
Ingress-Nginx-Controller-1.14
Ingress-Nginx-Controller-1.15
Istio
Kube-State-Metrics
Kube-Vip
Kubernetes-Csi-External-Provisioner-Fips
Kubernetes-Csi-External-Snapshotter-Fips
Kubernetes-Csi-Livenessprobe-Fips
Mcphost
Memcached-Exporter
Metallb
Mgr-Push
Mongodb
Mountpoint-S3-Csi-Driver
Neonmodem
Net
Newrelic-Infrastructure-Agent
Osv-Scanner
Percona-Server-Mongodb-Operator
Percona-Xtradb-Cluster-Operator-Fips
Podman
Prometheus Blackbox Exporter
Prometheus-Postgres Exporter
Python-Defusedxml-Sle15
Rabbitmq-Messaging-Topology-Operator
Rclone
Rhnlib
Rootlesskit
Runc
Sealed-Secrets
Skopeo
Spacecmd
Spacewalk-Client-Tools
Spice-Server
Spire-Server-Fips
Supportutils-Plugin-Salt
Supportutils-Plugin-Susemanager-Client
Trivy
Uyuni-Common-Libs
Uyuni-Tools
Vault
Velociraptor
Wave
Yq