CVE-2026-10729
HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 1.2EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
03 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails.
This issue affects Canarytokens: from Docker tag sha-c42435e before sha-bfda4df, from Git commit c42435e before bfda4df.
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/AU:N/RE:L/U:Green
Produtos afetados
Thinkst Applied Research · Canarytokens