The vulnerability CVE-2026-27058 affects PenciDesign's Penci Podcast plugin up to version 1.7. It is a DOM-based Cross-site Scripting (XSS) issue caused by improper neutralization of input during web page generation. This allows an attacker with low privileges and requiring user interaction to execute malicious scripts in the context of the affected web application. The CVSS 3.1 base score is 6.5, reflecting network attack vector, low attack complexity, low privileges required, user interaction needed, and impacts on confidentiality, integrity, and availability.

Successful exploitation of this DOM-based XSS vulnerability could allow an attacker to execute arbitrary scripts in the context of the victim's browser session, potentially leading to partial disclosure of sensitive information, modification of web content, or disruption of service. The impact is rated medium with a CVSS score of 6.5, indicating moderate risk to affected systems.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or advisory is provided, users should monitor for updates from PenciDesign. Until a fix is available, consider limiting exposure by restricting access to the affected plugin or disabling it if feasible.