A vulnerability labeled as problematic has been found in gohugoio Hugo up to 0.163.2. This issue affects some unknown processing of the component Code-Block Renderer. The manipulation results in cross site scripting.
This vulnerability is reported as CVE-2026-58402. The attack can be launched remotely. No exploit exists.