LeakyCreds

CVE-2026-34725 - Vulnerability Analysis

Severity: High, CVSS: 8.2

Last Updated: April 2, 2026

DbGate - Stored XSS & Local Code Execution

Published: April 2, 2026
Updated: April 2, 2026

Overview

DbGate versions 7.0.0 up to, but not including, 7.1.5 contain a stored XSS vulnerability caused by rendering attacker-controlled SVG icon strings as raw HTML without sanitization. This lets attackers execute scripts in users' browsers or, in the Electron app, escalate to local code execution. Exploitation requires user interaction.

Severity & Score

Severity: High
CVSS Score: 8.2

Impact

Attackers can execute scripts in other users' browsers or achieve local code execution in the Electron app, potentially compromising user data or the system.

Mitigation

Upgrade to version 7.1.5 or later.

Details

CVE ID: CVE-2026-34725
Severity: High
CVSS Score: 8.2
Type: stored_xss
Status: new

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H