Home / Vulnerability Intelligence / CVE-2026-41653

CVE-2026-41653 - Vulnerability Analysis

N/a

Last Updated: May 7, 2026

BentoPDF - Stored XSS

Published: May 7, 2026Updated: May 7, 2026PoC Available

Overview

BentoPDF < 2.8.3 contains a stored XSS caused by improper sanitization in Markdown to PDF Tool, letting attackers execute arbitrary JavaScript, exploit requires specific input triggering the vulnerability.

Severity & Score

Severity: N/a

Impact

Attackers can execute arbitrary JavaScript, potentially leading to session hijacking or user impersonation.

Mitigation

Update to version 2.8.3 or later.

References

https://github.com/alam00000/bentopdf/releases/tag/v2.8.3
https://github.com/alam00000/bentopdf/security/advisories/GHSA-6vh8-4frx-647f

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-41653
Severity: N/a
Type: stored_xss
Status: rejected

CWE

CWE-79

CVSS Metrics

N/A