CVE-2026-42086 | OpenC3 cosmos up to 6.x Session Token eval cross site scripting (GHSA-ffq5-qpvf-xq7x)

Inserito da Angelo Barbosa | Mag 4, 2026 | CVE

A vulnerability was found in OpenC3 cosmos up to 6.x. It has been rated as problematic. This vulnerability affects the function eval of the component Session Token Handler. The manipulation leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2026-42086. The attack is possible to be carried out remotely. No exploit exists.

Upgrading the affected component is advised.

CVE-2026-42086 | OpenC3 cosmos up to 6.x Session Token eval cross site scripting (GHSA-ffq5-qpvf-xq7x)

Post correlati

CVE-2026-2490 | RustDesk Client on Windows link following

CVE-2024-24791 | net-http up to 1.21.11/1.22.4 on Go net/http denial of service

CVE-2024-29171 | Dell BSAFE SSL-J up to 7.2.1 certificate validation (dsa-2024-221)

CVE-2025-29745 | Emsisoft Anti-Malware 2018.8.1.8923 Scanning Module information disclosure