Kestra

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2026-29082 HIGH POC This Week

Kestra versions 1.1.10 and earlier allow authenticated users to perform cross-site scripting (XSS) attacks through the execution-file preview feature, which renders unsanitized Markdown as HTML. An attacker with login credentials can inject malicious scripts that execute in other users' browsers, potentially leading to session hijacking or credential theft. Public exploit code exists and no patch is currently available.

XSS Kestra

NVD GitHub

CVSS 3.1

7.3

EPSS

0.0%

CVE-2026-29082

EPSS 0% CVSS 7.3

HIGH POC This Week

Kestra versions 1.1.10 and earlier allow authenticated users to perform cross-site scripting (XSS) attacks through the execution-file preview feature, which renders unsanitized Markdown as HTML. An attacker with login credentials can inject malicious scripts that execute in other users' browsers, potentially leading to session hijacking or credential theft. Public exploit code exists and no patch is currently available.

XSS Kestra

NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy