DivvyDrive XSS Vulnerability (CVE-2026-6002) Poses High Risk

A high-severity Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2026-6002, has been identified in DivvyDrive Information Technologies Inc.’s DivvyDrive platform. The National Vulnerability Database reports that the flaw stems from improper neutralization of script-related HTML tags and allows basic XSS attacks. Attackers can inject malicious scripts into web pages viewed by other users, leading to session hijacking, data theft, or arbitrary code execution within the user’s browser.

The vulnerability affects DivvyDrive versions from 4.8.2.9 up to, but not including, 4.8.3.2. The National Vulnerability Database assigned a CVSS v3.1 score of 8.8 (High). The score reflects a network-based attack vector, low attack complexity, required user interaction, and high impact on confidentiality, integrity, and availability.

Organizations running DivvyDrive must prioritize patching. XSS attacks, while seemingly basic, are often a gateway for more sophisticated intrusions. They compromise user trust and can expose sensitive organizational data. Ensure all instances are updated to a non-vulnerable version immediately.

What This Means For You

  • If your organization uses DivvyDrive, you need to verify your version immediately. Check if you are running any version from 4.8.2.9 up to, but not including, 4.8.3.2. Prioritize patching to version 4.8.3.2 or later to mitigate CVE-2026-6002. An unpatched XSS vulnerability means your users are exposed to potential session hijacking and data exfiltration.

🛡️ Detection Rules

DivvyDrive XSS Attempt via Specific URI - CVE-2026-6002

title: DivvyDrive XSS Attempt via Specific URI - CVE-2026-6002
id: scw-2026-05-07-ai-1
status: experimental
level: high
description: |
  Detects attempts to exploit the DivvyDrive XSS vulnerability (CVE-2026-6002) by looking for specific URI patterns known to be vulnerable and a common XSS payload. This indicates an attempt at initial access via a web application vulnerability.
author: SCW Feed Engine (AI-generated)
date: 2026-05-07
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-6002/
tags:
  - attack.initial_access
  - attack.t1190
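logsource:
  category: webserver
detection:
  # Both conditions are substring matches on fixed strings: the report URI
  # and one specific test payload. Encoded or differently written script
  # tags in the same parameter are not covered by this selection.
  selection:
    cs-uri|contains:
      - '/DivvyDrive/reports/view?reportId='
    cs-uri-query|contains:
      - '<script>alert("CVE-2026-6002")</script>'
  condition: selection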
falsepositives:
  - Legitimate administrative activity
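
The Sigma rule above fires only on one fixed string, so the same script tag in percent-encoded or upper-case form would not match it. The following is an added example, not part of the original page or the SCW rule: it applies the rule's URI condition to constructed access-log lines and compares the literal match with a match on the percent-decoded query. The log format, the function names and the sample lines are assumptions.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Values copied from the Sigma rule on this page.
RULE_URI = "/DivvyDrive/reports/view?reportId="
RULE_PAYLOAD = '<script>alert("CVE-2026-6002")</script>'
# Assumption: combined-log style request field, "METHOD URI PROTOCOL".
REQUEST = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"')
SCRIPT_TAG = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)

def request_uri(line):
    m = REQUEST.search(line)
    return m.group("uri") if m else None

def literal_match(line):
    """What the rule does: case-insensitive substring match on raw fields."""
    uri = request_uri(line)
    if uri is None:
        return False
    query = urlsplit(uri).query
    return RULE_URI.lower() in uri.lower() and RULE_PAYLOAD.lower() in query.lower()

def decode_fully(value, max_rounds=3):
    """Percent-decode until stable so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def normalised_match(line):
    """Same URI condition, but look for any script tag in the decoded query."""
    uri = request_uri(line)
    if uri is None or RULE_URI.lower() not in uri.lower():
        return False
    return bool(SCRIPT_TAG.search(decode_fully(urlsplit(uri).query)))

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/May/2026:16:20:01 +0000] "GET /DivvyDrive/reports/view?reportId=<script>alert("CVE-2026-6002")</script> HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/May/2026:16:20:05 +0000] "GET /DivvyDrive/reports/view?reportId=%3CSCRIPT%3Ealert(%22CVE-2026-6002%22)%3C/SCRIPT%3E HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/May/2026:16:20:09 +0000] "GET /DivvyDrive/reports/view?reportId=%253Cscript%253Ealert(%2522CVE-2026-6002%2522)%253C/script%253E HTTP/1.1" 200 512',
    '203.0.113.20 - - [07/May/2026:16:21:00 +0000] "GET /DivvyDrive/reports/view?reportId=1042 HTTP/1.1" 200 2048',
]

def compare(lines=SAMPLE_LOG):
    """Return (literal, normalised) verdicts for each log line."""
    return [(literal_match(l), normalised_match(l)) for l in lines]
```

On the sample lines, the literal match flags only the first request, while the normalised match also flags the single- and double-encoded forms and leaves the ordinary report request alone.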

Indicators of Compromise

ID             Type  Indicator
CVE-2026-6002  XSS   DivvyDrive Information Technologies Inc. DivvyDrive
CVE-2026-6002  XSS   DivvyDrive versions from 4.8.2.9 before 4.8.3.2
CVE-2026-6002  XSS   Improper neutralization of Script-Related HTML tags

Source & Attribution

Source Platform: NVD
Channel: National Vulnerability Database
Published: May 07, 2026 at 16:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
