3 matches found
CVE-2026-41591
Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a or tag the Marko runtime failed to prevent tag breakout when the closing tag used non-lowercase casing. An attacker...
@marko/compiler (=5.0.0-next.0), @marko/translator-default (=5.0.0-next.0) +1 more potentially affected by CVE-2026-41591 via marko (>=5.0.0-next.0 <=5.20.9)
marko NPM version =5.0.0-next.0, =1.1.4, =1.2.1 Source cves: CVE-2026-41591 Source advisory: SNYK:JS-MARKO-16421453...
@27works/posto (=2.0.2), @awly/lasso (=3.2.4) +180 more potentially affected by CVE-2026-41591 via marko (>=1.6.11 <=5.20.9)
marko NPM version =1.6.11, =1.15.0, =1.0.0, =1.0.0, =1.0.0, =0.4.15, =1.26.0, =0.4.16, =0.1.0, =0.2.0, =0.0.1, =1.0.0, =1.0.1, =1.1.1 and more Source cves: CVE-2026-41591 Source advisory: OSV:GHSA-X9FJ-57FH-C8WQ...