CVE-2026-32289

medium Red Hat
CVSS v3 Base Score
5.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 99% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
Low
Availability
None
Published: April 8, 2026 (36 days ago)
Last Modified: April 8, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in the `html/template` package. This vulnerability arises from improper tracking of context and brace depth within JavaScript (JS) template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting (XSS) vulnerabilities. This could allow an attacker to inject malicious scripts into web pages viewed by other users.

CWE

CWE-79

Affected Products

Assisted Installer for Red Hat OpenShift Container Platform 2Builds for Red Hat OpenShiftcert-manager Operator for Red Hat OpenShiftCompliance OperatorConfidential Compute AttestationCryostat 4Custom Metric Autoscaler operator for Red Hat OpenshiftDeployment Validation OperatorExternalDNS OperatorExternal Secrets Operator for Red Hat OpenShift

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 go.dev 🔗 go.dev