VYPR
Medium severity5.4NVD Advisory· Published Apr 8, 2026· Updated Apr 17, 2026

CVE-2026-40028

CVE-2026-40028

Description

Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the Computer field of JSON logs that executes in the forensic examiner's browser session when viewing the generated HTML report, leading to information disclosure or code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:yamato-security:hayabusa:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:yamato-security:hayabusa:*:*:*:*:*:*:*:*range: <3.8.0
    • (no CPE)range: <3.8.0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.