CVE Catalog

CVE-2026-11859

LowCVSS 2.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

15th percentile — higher than 15% of all known CVEs

Summary

CVE-2026-11859 describes an HTML injection vulnerability in the 'fetch links' emails sent by Thinkst Applied Research Canarytokens, allowing for Interface Manipulation and Cross-Site Scripting (XSS) in email clients that render HTML emails.

Risk Assessment

This vulnerability may lead to unauthorized access to user data and allow attackers to execute malicious code in the victim's browser context.

Recommendation

It is recommended to update Canarytokens to a version that is not vulnerable to this issue and to monitor emails for suspicious links.

Original NVD description (English source)

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from Git commit c0f3cf142 before 08c3f93d.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS