216.73.216.170

CVE-2026-0858

· Published 16/01/2026 05:16 · Modified 16/01/2026 15:55

Labels: CVE-2026-0858 2026-01-16CVE-2026-0858CWE-79[email protected]

Essential information

Published
16/01/2026 05:16
Modified
16/01/2026 15:55
Author
Creator
CVSS
5.1 MEDIUM (v3) 5.1 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Versions of the package net.sourceforge.plantuml:plantuml before 1.2026.0 are vulnerable to Stored XSS due to insufficient sanitization of interactive attributes in GraphViz diagrams. As a result, a crafted PlantUML diagram can inject malicious JavaScript into generated SVG output, leading to arbitrary script execution in the context of applications that render the SVG.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
net.sourceforge.plantuml / plantuml cpe:2.3:a:net.sourceforge.plantuml:plantuml:<1.2026.0:*:*:*:*:*:*:*

References