CVE-2026-32721

high Red Hat
CVSS v3 Base Score
8.8
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Characteristics
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Published: March 19, 2026 (55 days ago)
Last Modified: March 19, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in LuCI, the OpenWrt Configuration Interface. A remote attacker can exploit a stored Cross-Site Scripting (XSS) vulnerability in the wireless scan modal by crafting a malicious Wi-Fi network name (SSID). When a user opens the wireless scan modal, the unsanitized SSID is rendered as raw HTML, allowing the attacker to execute arbitrary HTML or JavaScript code in the user's browser. This can lead to information disclosure or other malicious activities.

CWE

CWE-79

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 github.com 🔗 github.com