This vulnerability (CVE-2026-41554) in Bricks Builder is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), resulting in reflected Cross-site Scripting (XSS). It affects Bricks Builder versions from an unspecified start through 1.9.2 up to 2.2. The CVSS v3.1 base score is 7.1, indicating high severity, with attack vector network, low attack complexity, no privileges required, user interaction required, scope changed, and impacts on confidentiality, integrity, and availability. The vulnerability allows an attacker to inject malicious scripts that execute in the context of the victim's browser when they interact with crafted web content generated by the affected plugin. No patch or official remediation level has been published yet.

Successful exploitation of this reflected XSS vulnerability can lead to the execution of arbitrary scripts in the context of the victim's browser, potentially resulting in data theft, session hijacking, or other malicious actions impacting confidentiality, integrity, and availability of the affected system or user data. The CVSS score of 7.1 reflects these impacts. However, there are no known exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider applying temporary mitigations such as disabling or limiting use of the affected Bricks Builder versions, or employing web application firewalls (WAFs) with rules to detect and block reflected XSS attempts. Monitor official Bricks vendor channels for updates and apply patches promptly once available.