PT-2026-6776 · Lute · Lute
Chimmeee · Published 2026-02-06 · Updated 2026-02-06
CVE-2026-25647
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Lute versions prior to 1.7.7
Description
Lute, a structured Markdown engine supporting Go and JavaScript, contains a Stored Cross-Site Scripting (XSS) issue in its Markdown rendering engine. An attacker can inject malicious JavaScript into Markdown text or a note. When another user clicks the rendered content, the script executes within their session.
Recommendations
Update to version 1.7.7 or later.
Exploit
Fix
XSS
Affected Products
Lute