CVE-2025-26791

CVSS 3.1 Score 4.5 of 10 (medium)

Details

Published Feb 14, 2025

CWE ID 79

Summary

CVE-2025-26791 is a vulnerability affecting DOMPurify before version 3.2.4. This issue arises due to an incorrect template literal regular expression used by the software. As a result, mutation cross-site scripting (mXSS) attacks become possible, where an attacker can manipulate the DOM tree of a web page and execute malicious code. This vulnerability poses a significant risk, particularly for web applications that rely on DOMPurify for input sanitization. It is recommended that users upgrade to the latest version of DOMPurify to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Cure53

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3VcKKH
https://www.cve.org/CVERecord?id=CVE-2025-26791
https://nvd.nist.gov/vuln/detail/CVE-2025-26791

Back to Vulnerability Database

CVE-2025-26791

CVSS 3.1 Score 4.5 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations