CVE-2026-40201
The CVE-2026-40201 affects @diplodoc/search-extension from versions 1.0.0 through 3.x prior to 3.0.3, where a stored XSS is possible via the title in a .md file. The issue is caused by input not being properly sanitized before being rendered in titles, enabling an attacker-supplied payload to exe...