Reconnecting to live updates…

CVE-2026-26000: CWE-1021: Improper Restriction of Rendered UI Layers or Frames in xwiki xwiki-platform

Medium

VulnerabilityCVE-2026-26000cve cve-2026-26000 cwe-1021

Published: Thu Feb 12 2026 (02/12/2026, 20:30:07 UTC)

Source: CVE Database V5

Vendor/Project: xwiki

Product: xwiki-platform

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in 17.9.0, 17.4.6, and 16.10.13.

Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-02-09T17:41:55.859Z
Cvss Version: 4.0
State: PUBLISHED

Threat ID: 698e3cc8c9e1ff5ad81239f6

Added to database: 2/12/2026, 8:49:12 PM

Last updated: 2/12/2026, 8:49:37 PM

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by

Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Related Threats

CVE-2026-26005: CWE-918: Server-Side Request Forgery (SSRF) in MacWarrior clipbucket-v5

Medium

VulnerabilityThu Feb 12 2026

CVE-2026-0619: CWE-190 Integer Overflow or Wraparound in silabs.com Silicon Labs Matter

Medium

VulnerabilityThu Feb 12 2026

CVE-2026-25933: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in arduino arduino-app-lab

Medium

VulnerabilityThu Feb 12 2026

CVE-2026-25768: CWE-862: Missing Authorization in cloudamqp lavinmq

High

VulnerabilityThu Feb 12 2026

CVE-2026-25767: CWE-863: Incorrect Authorization in cloudamqp lavinmq

High

VulnerabilityThu Feb 12 2026

Actions

Please log in to the Console to use AI analysis features.

External Links

NVD Database MITRE CVE Reference 1 Reference 2 Search on Google

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

CVE-2026-26000: CWE-1021: Improper Restriction of Rendered UI Layers or Frames in xwiki xwiki-platform

CVE-2026-26000: CWE-1021: Improper Restriction of Rendered UI Layers or Frames in xwiki xwiki-platform

Description

Technical Details

Community Reviews

Related Threats

CVE-2026-26005: CWE-918: Server-Side Request Forgery (SSRF) in MacWarrior clipbucket-v5

CVE-2026-0619: CWE-190 Integer Overflow or Wraparound in silabs.com Silicon Labs Matter

CVE-2026-25933: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in arduino arduino-app-lab

CVE-2026-25768: CWE-862: Missing Authorization in cloudamqp lavinmq

CVE-2026-25767: CWE-863: Incorrect Authorization in cloudamqp lavinmq

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility