CVE-2026-27332 is a reflected Cross-site Scripting (XSS) vulnerability identified in skygroup's Agrofood software, affecting versions prior to 1.4.0. The vulnerability stems from improper neutralization of user-supplied input during web page generation, which allows attackers to inject malicious JavaScript code into web pages viewed by other users. This reflected XSS occurs when crafted input is immediately included in the HTTP response without adequate sanitization or encoding, enabling execution of arbitrary scripts in the context of the victim's browser session. The CVSS 3.1 base score of 7.1 reflects a high severity, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is changed (S:C), indicating that exploitation can affect resources beyond the vulnerable component. The impact includes low confidentiality, integrity, and availability losses, as attackers can steal session tokens, manipulate displayed content, or perform actions on behalf of the user. Although no known exploits are reported in the wild, the vulnerability poses a significant risk, especially in environments where Agrofood is used to manage sensitive agricultural data or operations. The lack of available patches at the time of reporting necessitates interim mitigations such as input validation, output encoding, and user awareness to reduce risk. The vulnerability was reserved in February 2026 and published in March 2026, indicating recent discovery and disclosure.

The reflected XSS vulnerability in Agrofood can lead to unauthorized disclosure of sensitive information, including user credentials and session tokens, compromising confidentiality. Attackers can manipulate the integrity of displayed data or perform unauthorized actions on behalf of authenticated users, potentially disrupting agricultural management processes. Availability may be indirectly affected if malicious scripts cause application malfunction or facilitate further attacks such as malware delivery. Organizations relying on Agrofood for critical agricultural operations face risks of data breaches, operational disruption, and reputational damage. The requirement for user interaction limits automated exploitation but social engineering can facilitate attacks. The scope change indicates that exploitation can impact other components or user sessions beyond the initial vulnerable page, increasing potential damage. Given the strategic importance of agriculture and food supply chains, successful exploitation could have broader economic and societal impacts.

Organizations should prioritize upgrading Agrofood to version 1.4.0 or later once patches are released by skygroup. Until patches are available, implement strict input validation on all user-supplied data, employing whitelist approaches where feasible. Apply context-appropriate output encoding (e.g., HTML entity encoding) to neutralize potentially malicious input before rendering in web pages. Employ Content Security Policy (CSP) headers to restrict execution of unauthorized scripts and reduce impact of XSS attacks. Conduct user training to recognize and avoid suspicious links or inputs that could trigger reflected XSS. Monitor web application logs for unusual input patterns or error messages indicative of attempted exploitation. Consider deploying Web Application Firewalls (WAFs) with rules targeting reflected XSS payloads specific to Agrofood's request patterns. Regularly review and update security controls as patches and advisories become available from the vendor.