CVE-2026-9646
Received
Received - Intake
Reflected XSS in URL Handling
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: Tenable Network Security, Inc.
Description
Description
A reflected cross-site scripting issue exists in URL handling.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Currently, no data is known.
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a reflected cross-site scripting (XSS) issue that exists in URL handling.
How can this vulnerability impact me? :
The vulnerability can allow an attacker to execute malicious scripts in the context of a user's browser by exploiting the URL handling. This can lead to limited confidentiality and integrity impacts, as indicated by the CVSS score.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70