{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-11859","assignerOrgId":"0f2be0ad-3469-4e56-b38f-4eb96719b425","state":"PUBLISHED","assignerShortName":"ThinkstAppliedResearch","dateReserved":"2026-06-10T10:35:44.979Z","datePublished":"2026-06-10T11:35:14.974Z","dateUpdated":"2026-06-10T14:38:21.778Z"},"containers":{"cna":{"providerMetadata":{"orgId":"0f2be0ad-3469-4e56-b38f-4eb96719b425","shortName":"ThinkstAppliedResearch","dateUpdated":"2026-06-10T11:35:14.974Z"},"title":"HTML injection in the Canarytoken links email","datePublic":"2026-06-10T10:36:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-74","description":"CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","type":"CWE"}]}],"impacts":[{"capecId":"CAPEC-113","descriptions":[{"lang":"en","value":"CAPEC-113 Interface Manipulation"}]},{"capecId":"CAPEC-63","descriptions":[{"lang":"en","value":"CAPEC-63 Cross-Site Scripting (XSS)"}]}],"affected":[{"vendor":"Thinkst Applied Research","product":"Canarytokens","versions":[{"status":"affected","version":"sha-c0f3cf142","lessThan":"sha-08c3f93d","versionType":"custom"},{"status":"affected","version":"c0f3cf142","lessThan":"08c3f93d","versionType":"git"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"An HTML injection vulnerability in the \"fetch links\" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails.\n\n\nThis issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from Git commit c0f3cf142 before 08c3f93d.","supportingMedia":[{"type":"text/html","base64":false,"value":"An HTML injection vulnerability in the \"fetch links\" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails.
This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from Git commit c0f3cf142 before 08c3f93d.
"}]}],"references":[{"url":"https://github.com/thinkst/canarytokens/security/advisories/GHSA-55jf-cqr9-r7p4"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN","version":"4.0","baseSeverity":"LOW","baseScore":2,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/AU:N/RE:L/U:Green"}}],"solutions":[{"lang":"en","value":"Pull the latest Docker image:\n\n\n$ docker pull thinkst/canarytokens:latest","supportingMedia":[{"type":"text/html","base64":false,"value":"Pull the latest Docker image: