PT-2026-45936 · Thinkst Applied Research · Canarytokens
Gaurav Popalghat · Published 2026-06-03 · Updated 2026-06-03 · CVE-2026-10729
CVSS v4.0: 1.2 (Low)
Vector: AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/AU:N/RE:L/U:Green
Name of the Vulnerable Software and Affected Versions
Thinkst Applied Research Canarytokens versions sha-c42435e through sha-bfda4df
Thinkst Applied Research Canarytokens versions c42435e through bfda4df
Description
An HTML injection issue exists in the notification emails for "Slow Redirect" and "Cloned Website" Canarytokens. In email clients that render HTML emails, this allows for interface manipulation and Cross-Site Scripting (XSS), a technique in which malicious scripts are injected into trusted websites or emails.
Recommendations
Update Thinkst Applied Research Canarytokens to Docker tag sha-bfda4df or later.
Update Thinkst Applied Research Canarytokens to Git commit bfda4df or later.
Fix
Special Elements Injection
Affected Products
Canarytokens