CVE-2026-26272 in homeboxinfo

Zusammenfassung

von MITRE • 04.03.2026

HomeBox is a home inventory and organization system. Prior to 0.24.0-rc.1, a stored cross-site scripting (XSS) vulnerability exists in the item attachment upload functionality. The application does not properly validate or restrict uploaded file types, allowing an authenticated user to upload malicious HTML or SVG files containing executable JavaScript (also, potentially other formats that render scripts). Uploaded attachments are accessible via direct links. When a user accesses such a file in their browser, the embedded JavaScript executes in the context of the application's origin. This vulnerability is fixed in 0.24.0-rc.1.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

12.02.2026

Veröffentlichung

04.03.2026

Moderieren

akzeptiert

Eintrag

VDB-348663

CPE

bereit

CWE

CWE-79 (bestätigt)

CVSS

5.4 (NVD)

EPSS

0.00041

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-26272
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-26272
CVE Details	https://www.cvedetails.com/cve/CVE-2026-26272/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!