CVE-2026-24474

CVSS v4.0

5.3

Medium

Vector

AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Dioxus Components versions prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a

Description The use animated open function in Dioxus Components improperly formats a string for use with the eval function, allowing a user-supplied id to be included. This could lead to arbitrary code execution.

Recommendations Update to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a or a later version.

Exploit

Fix

Eval Injection

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-95CWE-94

Related Identifiers

CVE-2026-24474

GHSA-34PJ-292J-XR69

Affected Products

Dioxus Components

CVE-2026-24474

Weakness Enumeration

Related Identifiers

Affected Products

References · 7