ByteOS Network

CVE Vulnerability Details :

CVE-2026-23769

PUBLISHED

More Info Official Page

Assigner-naver

Assigner Org ID-f9629fae-ca2e-4fbf-9785-3ed86476aef6

Published At-16 Jan, 2026 | 05:23

Updated At-16 Jan, 2026 | 14:05

▼CVE Numbering Authority (CNA)

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files.

Affected Products

Vendor

NAVER

Product

lucy-xss-filter

Repo

https://github.com/naver/lucy-xss-filter

Default Status

affected

Versions

Unaffected

e5826c0d26b4f546955279767bbe94e5c7ed3f15 (git)

Problem Types

Type	CWE ID	Description
CWE	CWE-79	CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Type: CWE

CWE ID: CWE-79

Description: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Credits

finder

Younghun Ko of AhnLab

References

Hyperlink	Resource
https://cve.naver.com/detail/cve-2026-23769.html	vendor-advisory
https://github.com/naver/lucy-xss-filter/pull/32	mitigation

Hyperlink: https://cve.naver.com/detail/cve-2026-23769.html

Resource:

vendor-advisory

Hyperlink: https://github.com/naver/lucy-xss-filter/pull/32

Resource:

mitigation

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics

Version	Base score	Base severity	Vector
3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products

Unaffected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References