Unrated severityNVD Advisory· Published Feb 2, 2026· Updated Feb 2, 2026

CVE-2026-22881

Description

Cross-site scripting vulnerability exists in Message function of Cybozu Garoon 5.15.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords.

Affected products

Cybozu/Garoonllm-fuzzy
Range: >=5.15.0, <=6.0.3
Cybozu, Inc./Cybozu Garoonv5
Range: 5.15.0 to 6.0.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN35265756/mitre
kb.cybozu.support/article/39084/mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000