← voltar
CVE-2026-12888

HTML injection in the Canarytoken Google Chat notification

CVSS 2 LOWEPSS 0.3%CWE-74
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 2EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
22 jun 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An HTML injection vulnerability exists in the Google Chat webhook notification  sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90 before sha-8ab4dccd, from Git commit 4aef1db90 before 8ab4dccd.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/AU:N/RE:L/U:Green