PT-2026-51301 · Google+1 · Google Chat+1
Github.Com/Geo-Chen
·
Published
2026-06-22
·
Updated
2026-06-22
·
CVE-2026-12888
CVSS v4.0
2.0
Low
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/AU:N/RE:L/U:Green |
Name of the Vulnerable Software and Affected Versions
Canarytokens versions sha-4aef1db90 through sha-8ab4dccd
Description
An HTML injection issue exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens. This allows for interface manipulation in Google Chat by inserting limited HTML content, including links.
Recommendations
Update Canarytokens to version sha-8ab4dccd or later.
Fix
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Canarytokens
Google Chat