PT-2026-34614

🗓️ 22 Apr 2026 00:00:00Reported by Positive TechnologiesType

ptsecurity

ptsecurity🔗 dbugs.ptsecurity.com👁 4 Views

Comment and CDATA in Xml Builder do not escape --> and ]]> sequences, enabling XSS.

Reporter	Title	Published	Views	Family All 44
IBM Security Bulletins	Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Node.js	2 Jun 202615:37	–	ibm
IBM Security Bulletins	Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.	1 Jun 202608:35	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Node.js	2 Jun 202615:38	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to multiple node modules	22 May 202608:50	–	ibm
ATTACKERKB	CVE-2026-41650	7 May 202613:36	–	attackerkb
ATTACKERKB	CVE-2026-44664	13 May 202615:27	–	attackerkb
Chainguard	CVE-2026-41650 vulnerabilities	30 Apr 202601:17	–	cgr
Circl	CVE-2026-41650	18 Apr 202602:46	–	circl
CNNVD	fast-xml-parser 安全漏洞	7 May 202600:00	–	cnnvd
CVE	CVE-2026-41650	7 May 202613:36	–	cve

Source	Link
t	www.t.me/cveNotify/163290
github	www.github.com/NaturalIntelligence/fast-xml-parser
osv	www.osv.dev/vulnerability/GHSA-gh4j-gqv2-49f6
github	www.github.com/NaturalIntelligence/fast-xml-parser/releases/tag/v5.6.0
twitter	www.twitter.com/VulmonFeeds/status/2047168309620027483
github	www.github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-gh4j-gqv2-49f6
t	www.t.me/CVEtracker/53671
t	www.t.me/CVEtracker/52994
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-41650

13 May 2026 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.16.1

EPSS0.00012

SSVC

Xml Builder Comment injection Cdata injection Unescaped delimiters XSS risk