CVE-2026-35166 in hugoالمعلومات

الملخص

بحسب MITRE • 06/04/2026

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in 0.159.2.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

01/04/2026

إفشاء

06/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-355633

CPE

جاهز

CWE

CWE-79 (مؤكد)

CVSS

4.3 (VulDB)

EPSS

0.00012

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-35166
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-35166
CVE Details	https://www.cvedetails.com/cve/CVE-2026-35166/

التالي ▸نظرة عامة ◂ السابق

Want to know what is going to be exploited?

We predict KEV entries!