CVE-2026-10850

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 17, 2026

Vendor unknown

Description

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint.

References

https://fluidattacks.com/es/advisories/earth
https://github.com/makeplane/plane
https://fluidattacks.com/es/advisories/earth