PT-2026-52630 · Red Hat · Pen Drive Powered By Red Hat Lightspeed

Jon Weiser

Published

2026-06-25

Updated

2026-06-26

CVE-2026-13083

CVSS v3.1

6.9

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS) payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-13083

PT-2026-52630 · Red Hat · Pen Drive Powered By Red Hat Lightspeed

CVE-2026-13083

Weakness Enumeration

Related Identifiers

Affected Products

References · 3