← back
CVE-2025-70296

CVE-2025-70296

CVSS 5.4 MEDIUMEPSS 0.2%CWE-77
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Affected products
n/a · n/a