Sign In

CVE-2026-27119

ADVISORY - github

Summary

In certain circumstances, the server-side rendering output of an <option> element does not properly escape its content, potentially allowing HTML injection in the SSR output. Client-side rendering is not affected.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - github

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2026-27119
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-79

CVSS SCORE

5.1medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-h7h7-mm68-gmrc
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-79

CVSS SCORE

5.1medium