Vulnerabilities

CVE-2026-38948

by Fred · 28/04/2026

Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-privileged authenticated user to upload a crafted SVG file containing malicious code.

More information : https://github.com/Chittu13/cve-research/blob/main/CVE-2026-38948/README.md

Similar

Tags: Cybersecurity Alert