Stored Cross-Site Scripting Vulnerability in Grimmory Digital Library
CVE-2026-42451

6.3MEDIUM

Key Information:

Vendor: Grimmory-tools
Status: Grimmory
Vendor: CVE Published:; 8 May 2026

🔔 Create Grimmory-tools Vulnerability Alert

What is CVE-2026-42451?

A security flaw was identified in Grimmory's browser-based EPUB reader, which allows attackers to execute arbitrary JavaScript code through crafted EPUB files. Prior to version 2.3.1, this vulnerability enables exploitation of the application's session context, leading to potential session token theft and complete account takeover, including access to admin accounts if compromised by an administrator. Users are advised to update to version 2.3.1 or later to mitigate this risk.

Affected Version(s)

grimmory < 2.3.1

References

https://github.com/grimmory-tools/grimmory/security/advis...

x_refsource_CONFIRM

http://github.com/grimmory-tools/grimmory/releases/tag/v2...

x_refsource_MISC

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2026
Vulnerability Reserved
Apr 27, 2026

CVE-2026-42451 Data

JSON