Vulnerabilities

CVE-2026-40472

by Fred · 23/04/2026

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML
href attributes without proper sanitization, enabling stored
Cross-Site Scripting (XSS) attacks.

More information : https://osv.dev/vulnerability/HSEC-2026-0004

Similar

Tags: Cybersecurity Alert