to break out of the intended HTML context and execute arbitrary JavaScript in the browser of any authenticated user who views the affected page. This can be leveraged to perform authenticated API requests, access sensitive data such as usernames, email addresses, and roles via internal APIs, and exfiltrate it to an attacker-controlled server. This issue has been fixed in version 4.29.0.","datePublished":"2026-04-15T20:16:36.000Z","dateModified":"2026-04-15T20:16:36.000Z","author":{"@type":"Organization","name":"Cyber Hub"},"publisher":{"@type":"Organization","name":"Cyber Hub","logo":{"@type":"ImageObject","url":"https://www.cyberhub.blog/icon-512x512.png"}},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.cyberhub.blog/cves/CVE-2026-35569"},"keywords":"CVE, security vulnerability, cybersecurity, CVE-CVE-2026-35569","about":{"@type":"Thing","name":"Cybersecurity Vulnerability"},"additionalProperty":[{"@type":"PropertyValue","name":"CVSS Score","value":8.699999809265137},{"@type":"PropertyValue","name":"Status","value":"Modified"}]}
Cyber Hub