Threats Tagged 'cve-2026-40179'
View all threats tagged with 'cve-2026-40179'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-40179'
Click on any threat for detailed analysis and mitigation recommendations
BIT-prometheus-2026-40179: Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorerCVE-2026-40179 0 Prometheus versions prior to 3.5.2 and between 3.6.0 and before 3.11.2 contain stored cross-site scripting (XSS) vulnerabilities in the web UI. These vulnerabilities arise because metric names and label values are injected into the UI without proper escaping, allowing malicious JavaScript execution in user browsers. The issue affects multiple UI components including chart tooltips and the Metric Explorer fuzzy search. An attacker able to inject metrics via compromised scrape targets or remote write endpoints can exploit this to execute arbitrary scripts. Fixed in versions 3.5.2 and 3.11.2. Join the discussion | GCVE Database | 07/15/2026, 15:58:00 UTC Added: 07/16/2026, 10:40:26 UTC |
Showing 1 to 1 of 1 result