CVE-2026-13140

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Jun 24, 2026

Vendor unknown

Description

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e.

References

https://github.com/thinkst/canarytokens/security/advisories/GHSA-23pf-xjp2-48q6