Cross-Site Scripting Vulnerability in Pen Drive Report Generator by Red Hat
CVE-2026-13083
6.9 MEDIUM
What is CVE-2026-13083?
A vulnerability has been identified in the Pen Drive report generator that allows an attacker with cluster administrator privileges to inject malicious scripts into HTML reports. This occurs due to inadequate escaping and sanitization of cluster-sourced data, particularly in components like the ClusterVersion spec.channel. When victims view these compromised reports, the injected script executes in their browser, potentially leading to unauthorized actions or data theft.
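The flaw class described above, shown as an added example that is not code from Pen Drive or Red Hat: a report renderer that interpolates cluster-sourced values into HTML unescaped, beside a version that escapes every value at output time and adds a restrictive CSP as a backstop. The table layout, function names, sample object and the channel-name pattern are assumptions made for illustration.

```python
import html
import re

# Constructed sample: a ClusterVersion-like object as a report generator might
# receive it from the cluster API. The channel value carries markup.
SAMPLE_CLUSTER_VERSION = {
    "kind": "ClusterVersion",
    "spec": {
        "channel": 'stable-4.14"><script>/* constructed */</script>',
        "clusterID": "00000000-0000-0000-0000-000000000000",
    },
}

# Assumed shape of a legitimate channel name (e.g. "stable-4.14"); adjust to policy.
CHANNEL_RE = re.compile(r"[a-z]+-\d+\.\d+")

# Defense in depth: even if an escape is missed, the report may not run script.
CSP = ('<meta http-equiv="Content-Security-Policy" '
       "content=\"default-src 'none'; style-src 'unsafe-inline'\">")


def flatten(obj, prefix=""):
    """Yield (dotted_path, value) for every leaf of a nested dict/list."""
    if isinstance(obj, dict):
        for key, val in obj.items():
            yield from flatten(val, f"{prefix}.{key}" if prefix else str(key))
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            yield from flatten(val, f"{prefix}[{i}]")
    else:
        yield prefix, "" if obj is None else str(obj)


def render_unsafe(obj):
    """The flawed pattern: cluster data interpolated into HTML as-is."""
    rows = "".join(f"<tr><td>{p}</td><td>{v}</td></tr>" for p, v in flatten(obj))
    return f"<table>{rows}</table>"


def render_safe(obj):
    """Escape every path and value at output time, not only known fields."""
    rows = "".join(
        f"<tr><td>{html.escape(p, quote=True)}</td>"
        f"<td>{html.escape(v, quote=True)}</td></tr>"
        for p, v in flatten(obj)
    )
    return f"<html><head>{CSP}</head><body><table>{rows}</table></body></html>"


def channel_is_wellformed(obj):
    """Flag a spec.channel that does not look like a channel name."""
    return bool(CHANNEL_RE.fullmatch(str(obj.get("spec", {}).get("channel", ""))))
```

Escaping at render time covers any cluster field, while the channel check gives reviewers a signal that a value was tampered with before the report is opened.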
CVSS V3.1
Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Jon Weiser (Red Hat), Oleg Sushchenko (Red Hat), and Raul Bringas (Red Hat).