CVE-2026-35166 in hugoИнформация

Сводка

по MITRE • 06.04.2026

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in 0.159.2.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Ответственный

GitHub M

Резервировать

01.04.2026

Раскрытие

06.04.2026

Модерация

принято

Вход

VDB-355633

CPE

готов

CWE

CWE-79 (Подтверждённый)

CVSS

4.3 (VulDB)

EPSS

0.00012

KEV

Нет

Деятельности

Очень низкий

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-35166
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-35166
CVE Details	https://www.cvedetails.com/cve/CVE-2026-35166/

◂ Предыдущий Обзор Далее ▸

Do you need the next level of professionalism?

Upgrade your account now!