cbcvebase.
CVE-2026-39826
published 2026-05-07

CVE-2026-39826: If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the…

PriorityP429medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.37%
29.0th percentile
If a trusted template author were to write a tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the block.

Affected

100 ranges· showing 25
VendorProductVersion rangeFixed in
3scale-amp23scale-rhel7-operator
3scale-amp23scale-rhel9-operator
advanced-cluster-securityrhacs-main-rhel8
ansible-automation-platform-26receptor-rhel9
build-of-trusteetrustee-rhel9-operator
buildah_projectbuildah
cert-managerjetstack-cert-manager-rhel9
complianceopenshift-compliance-operator-bundle
complianceopenshift-selinuxd-rhel8
confidential-compute-attestation-tech-previewtrustee-rhel9-operator
confidential-containerstrustee
container-native-virtualizationkubevirt-apiserver-proxy-rhel9
container-native-virtualizationvirt-api-rhel9
container-tools_rhel8buildah
container-tools_rhel8conmon
container-tools_rhel8containernetworking-plugins
container-tools_rhel8podman
container-tools_rhel8skopeo
container-tools_rhel8toolbox
cryostatcryostat-storage-rhel9
custom-metrics-autoscalercustom-metrics-autoscaler-rhel9
devspacesudi-rhel9
devworkspacedevworkspace-rhel9-operator
dvodeployment-validation-rhel8-operator
etcdetcd

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vendor_redhat6.1MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.