CVE-2026-40472
CRITICAL
NVD
CVSS Score
9.9
Severity
CRITICAL
Published
Apr 23, 2026
Vendor
unknown
Description
In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks.