SVG Upload Vulnerability in DNN by DNN Software
CVE-2026-40321

8.1 HIGH

Key Information:

Vendor
CVE Published: 17 April 2026

What is CVE-2026-40321?

DNN, an open-source web content management system, is vulnerable to an issue that allows users to upload specially crafted SVG files. These files can contain scripts that can target both authenticated and unauthenticated users of the platform. The risk escalates when such scripts are executed in the session of a power user. The vulnerability is fixed in version 10.2.2.

Affected Version(s)

Dnn.Platform < 10.2.2

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
