CyberRota
← Ana sayfaya dön

CVE-2026-31981

MEDIUM · CVSS 5.9 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-09T08:16:47.483 · Çekilme zamanı: 2026-07-09T12:07:32.558355+00:00

CyberRota Yorumu

Saldırganın giriş yapmış olması gerekebilir.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

Tespit Edilen Sinyaller
exploit

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-31981
Severity
MEDIUM
CVSS
5.9
EPSS
Yok

Orijinal NVD Açıklaması

A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple input vectors. When a victim views the affected data in the Diagram tab and Graph view, the injected HTML renders in their browser, enabling phishing and possibly open redirect attacks. Full XSS exploitation and direct information disclosure are prevented by the existing input validation and Content Security Policy configuration.