Medium severity5.4NVD Advisory· Published Jun 3, 2026· Updated Jun 4, 2026
CVE-2026-26378
CVE-2026-26378
Description
Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- g03m0n.github.io/posts/cve-2026-26378/nvdExploitThird Party Advisory
- g03m0n.github.ionvdThird Party Advisory
News mentions
0No linked articles in our index yet.