Bug 2449305 (CVE-2026-32721)
| Summary: | CVE-2026-32721 LuCI: luci-mod-network: OpenWrt: openwrt/luci: LuCI: Arbitrary code execution via malicious Wi-Fi SSID in wireless scan modal | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability-draft | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A flaw was found in LuCI, the OpenWrt Configuration Interface. A remote attacker can exploit a stored Cross-Site Scripting (XSS) vulnerability in the wireless scan modal by crafting a malicious Wi-Fi network name (SSID). When a user opens the wireless scan modal, the unsanitized SSID is rendered as raw HTML, allowing the attacker to execute arbitrary HTML or JavaScript code in the user's browser. This can lead to information disclosure or other malicious activities. | Story Points: | --- |
Description
OSIDB Bzimport
2026-03-19 23:04:37 UTC