CVE-2026-4420 — Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating…
Image via cert.pl
🚨 CVE-2026-4420 Bludit is vulnerable to Stored Cross-Site Scripting (XSS) in its page creating functionality. An authenticated attacker with page creation privileges (such as Author, Editor, or Administrator) can embed a malicious JavaScript payload in the tags field of a newly created article. Thi
Vulnerability in Bludit software
cert.pl
What This Means For You
- Rated critical severity — prioritize patching or mitigation.
- New vulnerability disclosed — verify if your stack is exposed.
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-4420 | XSS | Software: Bludit, Versions: 3.17.2, 3.18.0, Vulnerable Component: Page creating functionality, specifically the 'tags' field of a newly created article. |
| CVE-2026-4420 | Privilege Escalation | Software: Bludit, Versions: 3.17.2, 3.18.0, Vulnerable Component: Page creating functionality, specifically the 'tags' field of a newly created article. Exploitation can lead to automatic creation of a new site administrator if the victim has sufficient privileges. |
🛠 Recommended Tools
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158273 |
| Published | April 07, 2026 at 14:26 UTC |
| Original Link | https://cert.pl/en/posts/2026/04/CVE-2026-4420/ |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Found this interesting? Follow us to stay ahead.
Share