Medium severityOSV Advisory· Published Jan 24, 2026· Updated Apr 15, 2026

CVE-2026-24474

Description

Dioxus Components is a shadcn-style component library for the Dioxus app framework. Prior to commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a, use_animated_open formats a string for eval with an id that can be user supplied. Commit 41e4242ecb1062d04ae42a5215363c1d9fd4e23a patches the issue.

Affected products

Dioxuslabs/ComponentsOSV

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/DioxusLabs/components/commit/41e4242ecb1062d04ae42a5215363c1d9fd4e23anvd
github.com/DioxusLabs/components/security/advisories/GHSA-34pj-292j-xr69nvd

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000