CVE-2026-10729

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 03, 2026

Vendor unknown

Description

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c42435e before sha-bfda4df, from Git commit c42435e before bfda4df.

References

https://github.com/thinkst/canarytokens/security/advisories/GHSA-hmjv-pj8j-8fg7