CVE-2026-1001 in Domoticzinfo

Summary

Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attackers can inject malicious code that is stored and rendered without proper output encoding, causing script execution in the browsers of users viewing the affected page and enabling unauthorized actions within their session context.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsible

VulnCheck

Reservation

01/15/2026

Disclosure

03/25/2026

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
353336Domoticz Web cross site scripting79Not definedOfficial fixCVE-2026-1001

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!