Medium severity 4.3 · NVD Advisory · Published Mar 11, 2026 · Updated Apr 29, 2026
CVE-2026-3951
Description
A security flaw has been discovered in LockerProject Locker 0.0.0/0.0.1/0.1.0. Affected is the function authIsAwesome of the file source-code/Locker-master/Ops/registry.js of the component Error Response Handler. Manipulation of the argument ID results in cross-site scripting. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Affected products: 1
Patches: 0. No patches discovered yet.
References: 5