VYPR
← All advisories
Unrated severityNVD Advisory· Published Mar 5, 2026· Updated Mar 10, 2026

CVE-2026-26377

CVE-2026-26377

Description

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via the News function.

Affected products

2
  • Koha/Kohadescription
  • Koha/Kohallm-fuzzy
    Range: <=25.11

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.