Vulnerabilities

CVE-2026-41591

by Fred · 08/05/2026

Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a

, etc. and inject arbitrary HTML/JavaScript, resulting in cross-site scripting. This issue has been patched in marko version 5.38.36 and @marko/runtime-tags 6.0.164.

More information : https://github.com/marko-js/marko/security/advisories/GHSA-x9fj-57fh-c8wq

Similar

Tags: Cybersecurity Alert