Skip to main content

Canarytokens

6 CVEs product

Monthly

CVE-2026-13140 LOW Monitor

Stored XSS in the AWS API key store component of Thinkst Applied Research Canarytokens allows a low-privileged attacker who knows a token's random identifier to inject persistent malicious scripts that execute in a victim's browser when they view the affected token page. Exploitation is constrained by high attack complexity (AC:H), a prerequisite attack requirement (knowledge of a random identifier), low-privilege authentication, and active user interaction - reflected in an extremely low CVSS 4.0 base score of 1.1. No active exploitation is confirmed; however, the CVSS 4.0 vector includes E:P, indicating proof-of-concept exploit code exists.

XSS Docker Canarytokens
NVD GitHub VulDB
CVSS 4.0
1.1
EPSS
0.2%
CVE-2026-12888 LOW PATCH Monitor

HTML injection in Canarytokens' Google Chat webhook notifications allows an attacker who triggers a deployed canarytoken to embed limited HTML content - including crafted hyperlinks - inside the resulting alert message rendered in Google Chat. The vulnerable system is Canarytokens itself (Docker tag sha-4aef1db90 through sha-8ab4dccd), but the integrity impact lands on the subsequent system: the Google Chat interface where defenders receive their alerts. A proof of concept exists per CVSS 4.0 supplemental metric E:P; no confirmed active exploitation or CISA KEV listing exists at time of analysis.

Google Code Injection Docker Canarytokens
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.3%
CVE-2024-28111 MEDIUM PATCH This Month

Canarytokens helps track activity and actions on a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Canarytokens
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22475 MEDIUM PATCH This Month

Canarytokens is an open source tool which helps track activity and actions on your network. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Docker Canarytokens
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-31113 MEDIUM PATCH This Month

Canarytokens is an open source tool which helps track activity and actions on your network. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Canarytokens
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2019-9768 HIGH POC THREAT This Week

Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Canarytokens
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
11.7%
EPSS 0% CVSS 1.1
LOW Monitor

Stored XSS in the AWS API key store component of Thinkst Applied Research Canarytokens allows a low-privileged attacker who knows a token's random identifier to inject persistent malicious scripts that execute in a victim's browser when they view the affected token page. Exploitation is constrained by high attack complexity (AC:H), a prerequisite attack requirement (knowledge of a random identifier), low-privilege authentication, and active user interaction - reflected in an extremely low CVSS 4.0 base score of 1.1. No active exploitation is confirmed; however, the CVSS 4.0 vector includes E:P, indicating proof-of-concept exploit code exists.

XSS Docker Canarytokens
NVD GitHub VulDB
EPSS 0% CVSS 2.0
LOW PATCH Monitor

HTML injection in Canarytokens' Google Chat webhook notifications allows an attacker who triggers a deployed canarytoken to embed limited HTML content - including crafted hyperlinks - inside the resulting alert message rendered in Google Chat. The vulnerable system is Canarytokens itself (Docker tag sha-4aef1db90 through sha-8ab4dccd), but the integrity impact lands on the subsequent system: the Google Chat interface where defenders receive their alerts. A proof of concept exists per CVSS 4.0 supplemental metric E:P; no confirmed active exploitation or CISA KEV listing exists at time of analysis.

Google Code Injection Docker +1
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Canarytokens helps track activity and actions on a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Microsoft Canarytokens
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Canarytokens is an open source tool which helps track activity and actions on your network. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Docker Canarytokens
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Canarytokens is an open source tool which helps track activity and actions on your network. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Canarytokens
NVD GitHub
EPSS 12% CVSS 7.5
HIGH POC THREAT This Week

Thinkst Canarytokens through commit hash 4e89ee0 (2019-03-01) relies on limited variation in size, metadata, and timestamp, which makes it easier for attackers to estimate whether a Word document. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Canarytokens
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy