Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22.
AnalysisAI
Stored cross-site scripting in Thales Sentinel LDK Runtime on Windows allows attackers with local access to inject malicious scripts that execute with high integrity impact. All versions before 10.22 are affected. The CVSS 4.0 base score of 7.0 reflects local attack vector with no privileges required and no user interaction. Proof-of-concept exploit code exists (CVSS:4.0 E:P). CISA KEV does not list this vulnerability as actively exploited at time of analysis.
Technical ContextAI
This vulnerability affects the Sentinel LDK Runtime (cpe:2.3:a:thales:sentinel_ldk_runtime:*:*:*:*:*:*:*:*), a software licensing solution from Thales that provides digital rights management and software protection capabilities on Windows platforms. The root cause is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). Unlike reflected XSS, this stored variant allows persistent malicious scripts to be embedded in the application's data layer, which are then rendered to victims during normal application usage. The local attack vector (AV:L) indicates the attacker requires local system access to inject the payload, though the high integrity impact (VI:H) and supplemental integrity impact (SI:H) suggest significant potential for privilege escalation or system compromise once the payload executes.
RemediationAI
Upgrade Thales Sentinel LDK Runtime to version 10.22 or later to address this vulnerability. The vendor advisory containing patch details is available at https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=5c18186b478aa950128dca72e36d4391&sysparm_article=KB0027106. Organizations unable to immediately patch should implement compensating controls including restricting local system access to trusted users only, monitoring for suspicious script injection attempts in LDK-related data stores, and implementing application-level content security policies where feasible. Given the local attack vector requirement, enforcing strict physical and logical access controls to systems running Sentinel LDK Runtime provides interim risk reduction until patching is completed.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-16575