Stored XSS Vulnerability in Bludit by Bludit
CVE-2026-27742

5.1MEDIUM

Key Information:

Vendor: Bludit
Status: Bludit
Vendor: CVE Published:; 23 February 2026

What is CVE-2026-27742?

Bludit version 3.16.2 is susceptible to a stored cross-site scripting vulnerability due to inadequate server-side sanitation of post content. This flaw allows authenticated users to inject arbitrary JavaScript into the content area of posts. When these posts are viewed by other users, the malicious script executes within their browser sessions, potentially leading to session hijacking, credential theft, and unauthorized content manipulation. Mitigating this vulnerability is critical to protecting user data and maintaining the integrity of the application.

Affected Version(s)

Bludit 0 <= 3.16.2

References

https://github.com/bludit/bludit/issues/1579

issue-tracking

https://www.vulncheck.com/advisories/bludit-stored-xss-in...

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 23, 2026
Vulnerability Reserved
Feb 23, 2026

Credit

Catalin Iovita (@catalin-iovita)

Beatriz Fresno Naumova

CVE-2026-27742 Data

JSON