CVE-2026-25136 - Vulnerability Analysis
HighCVSS: 8.1Last Updated: February 27, 2026
Rucio - Reflected XSS
Overview
Rucio < 35.8.3, < 38.5.4, and < 39.3.1 contain a reflected XSS caused by improper rendering of ExceptionMessage in WebUI 500 error, letting attackers steal login session tokens via crafted URLs, exploit requires user interaction.
Severity & Score
Impact
Attackers can steal login session tokens, leading to account compromise and unauthorized access.
Mitigation
Update to versions 35.8.3, 38.5.4, or 39.3.1 or later.
References
- https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
- https://github.com/rucio/rucio/releases/tag/35.8.3
- https://github.com/rucio/rucio/releases/tag/38.5.4
- https://github.com/rucio/rucio/releases/tag/39.3.1
- https://github.com/rucio/rucio/security/advisories/GHSA-h79m-5jjm-jm4q
Social Media Activity(1 post)
š CVE-2026-25136 - High (8.1) Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4,... š https://www.thehackerwire.com/vulnerability/CVE-2026-25136/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-25136
- Severity
- High
- CVSS Score
- 8.1
- Type
- reflected_xss
- Status
- confirmed
- EPSS
- 4.3%
- Social Posts
- 1
CWE
- CWE-79
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N