Dioxus Components CVE-2026-24474
Lifecycle Timeline
2DescriptionCVE.org
Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, use_animated_open formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue.
AnalysisAI
Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, use_animated_open formats a string for eval with an id that can be user supplied.
Technical ContextAI
Classified as CWE-94 (Code Injection). Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, use_animated_open formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue.
Affected ProductsAI
Dioxus Components is a shadcn-style component library for the Dioxus app framework
RemediationAI
Monitor vendor advisories for a patch.
Same weakness CWE-94 – Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today