Critical severityNVD Advisory· Published May 9, 2025· Updated Apr 15, 2026

CVE-2025-1087

Description

Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.

Patches

ba27b3206d16

https://github.com/Kong/insomniavia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

tantosec.com/blog/2025/06/insomnia-api-client-template-injection/nvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000