HTML injection in the Canarytoken links email
CVE-2026-11859

2LOW

Key Information:

Vendor: Thinkst Applied Research
Status: Canarytokens
Vendor: CVE Published:; 10 June 2026

🔔 Create Thinkst Applied Research Vulnerability Alert

What is CVE-2026-11859?

An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails.

This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from Git commit c0f3cf142 before 08c3f93d.

Affected Version(s)

Canarytokens sha-c0f3cf142

Canarytokens c0f3cf142 < 08c3f93d

References

https://github.com/thinkst/canarytokens/security/advisori...

CVSS V4

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2026
Vulnerability Reserved
Jun 10, 2026

Credit

Arkadiusz Marta

CVE-2026-11859 Data

JSON