CVE-2026-3457 is a stored Cross-Site Scripting (XSS) vulnerability classified under CWE-79 affecting Thales Sentinel LDK Runtime on Windows platforms prior to version 10.22. The vulnerability stems from improper neutralization of user-supplied input during the generation of web pages within the Sentinel LDK Runtime environment. This flaw allows an attacker with local access to inject malicious scripts that are stored and subsequently executed in the context of the application, potentially leading to unauthorized actions, data theft, or session hijacking. The CVSS 4.0 vector indicates the attack requires local access (AV:L), low attack complexity (AC:L), no privileges (PR:N), no user interaction (UI:N), and results in low confidentiality impact (VC:L), high integrity impact (VI:H), no availability impact (VA:N), low scope (SC:L), and high security impact (SI:H). The vulnerability is significant because it enables persistent script injection without authentication or user interaction, increasing the risk of automated exploitation once local access is obtained. Sentinel LDK Runtime is widely used for software licensing and protection, making this vulnerability critical for organizations relying on this product to secure their software assets. No patches or known exploits are currently available, but the vulnerability has been publicly disclosed, increasing the risk of future exploitation. The improper input handling indicates a failure in sanitizing or encoding user input before embedding it into web pages generated by the runtime, a common vector for stored XSS attacks.

The primary impact of CVE-2026-3457 is on the confidentiality and integrity of affected systems. An attacker who gains local access can inject malicious scripts that execute in the context of the Sentinel LDK Runtime, potentially allowing unauthorized actions such as data manipulation, theft of sensitive information, or execution of arbitrary code within the application context. Although the attack vector is local, the lack of required privileges or user interaction lowers the barrier for exploitation once local access is achieved. This can lead to privilege escalation or lateral movement within an organization’s network. The availability impact is minimal, but the integrity and confidentiality risks are high, especially for organizations that rely on Sentinel LDK Runtime for software licensing and protection, as compromise could undermine software licensing enforcement and intellectual property protection. The vulnerability could also be leveraged as part of a broader attack chain targeting software supply chains or internal licensing infrastructure.

1. Restrict local access to systems running Thales Sentinel LDK Runtime to trusted personnel only, using strict access controls and monitoring. 2. Implement application whitelisting and endpoint detection and response (EDR) solutions to detect and prevent unauthorized script execution or anomalous behavior related to the runtime. 3. Conduct thorough input validation and sanitization on any user-supplied data that interacts with the Sentinel LDK Runtime environment, if customization is possible. 4. Monitor logs and system behavior for signs of suspicious activity indicative of XSS exploitation attempts or injection of malicious scripts. 5. Prepare for immediate deployment of official patches or updates from Thales once they become available, and subscribe to vendor advisories for timely notifications. 6. Educate local users and administrators about the risks of local access exploitation and enforce strong endpoint security policies. 7. Consider network segmentation to isolate systems running Sentinel LDK Runtime from less trusted network zones to reduce attack surface.