Stored XSS Vulnerability in CoolerControl's User Interface
CVE-2026-5301

7.6HIGH

Key Information:

Vendor: Coolercontrol
Status: Coolercontrol-ui
Vendor: CVE Published:; 8 April 2026

🔔 Create Coolercontrol Vulnerability Alert

What is CVE-2026-5301?

A Stored XSS vulnerability exists in the log viewer of CoolerControl's user interface prior to version 4.0.0. This flaw allows unauthenticated attackers to inject malicious JavaScript into log entries, potentially compromising the service and enabling control over the affected environment. The vulnerability can be exploited by leveraging the log's unfiltered input, thereby executing harmful scripts whenever the log is viewed.

Affected Version(s)

coolercontrol-ui 2.0.0 < 4.0.0

References

https://gitlab.com/coolercontrol/coolercontrol/-/blob/2.0...

https://gitlab.com/coolercontrol/coolercontrol/-/blob/3.1...

https://gitlab.com/coolercontrol/coolercontrol/-/releases...

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 8, 2026
Vulnerability Reserved
Apr 1, 2026

Credit

https://gitlab.com/lassi-3

CVE-2026-5301 Data

JSON