CVE-2026-27902

ADVISORY - github

Summary

Errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError.

EPSS Score⁠: 0.00032 (0.089)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - github

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - redhat

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Impacted images

Advisories

NIST

CREATED

9 days ago

UPDATED

2 days ago

ADVISORY IDCVE-2026-27902⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-79⁠

CVSS SCORE

5.3medium

GitHub

CREATED

9 days ago

UPDATED

9 days ago

ADVISORY IDGHSA-qgvg-pr8v-6rr3⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-79⁠

CVSS SCORE

5.3medium

Red Hat

CREATED

9 days ago

UPDATED

7 days ago

ADVISORY IDCVE-2026-27902⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-79⁠

CVSS SCORE

4.2medium