Improper Sanitization in Naver's Lucy XSS Filter Allows JavaScript Execution
CVE-2026-23769

6.5MEDIUM

Key Information:

Vendor: Naver
Status: Lucy-xss-filter
Vendor: CVE Published:; 16 January 2026

What is CVE-2026-23769?

The Naver Lucy XSS Filter is susceptible to an issue that allows attackers to execute unauthorized JavaScript code. This vulnerability arises from improper sanitization due to misconfigured default superset rule files, which may allow attackers to manipulate the filtering process. This issue emphasizes the importance of proper configuration and validation to mitigate potential security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

lucy-xss-filter e5826c0d26b4f546955279767bbe94e5c7ed3f15

References

https://cve.naver.com/detail/cve-2026-23769.html

vendor-advisory

https://github.com/naver/lucy-xss-filter/pull/32

mitigation

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2026
Vulnerability Reserved
Jan 16, 2026

Credit

Younghun Ko of AhnLab

JSON

Naver