Remote Code Execution Vulnerability in Plate Rich-Text Editor by udecode
CVE-2026-55596
8.7HIGH
What is CVE-2026-55596?
The Plate Rich-Text Editor versions 53.0.0 through 53.1.4 contain a security flaw in its media embed renderer. This issue allows an attacker to manipulate serialized metadata in a crafted document, bypassing the necessary protocol validation for media URLs. As a result, a malicious actor can embed a JavaScript payload in an iframe, which gets executed when the document is opened by a victim. This vulnerability has been addressed in the latest version 53.1.4, encouraging users to upgrade to mitigate potential risks.
Affected Version(s)
plate >= 53.0.0, < 53.1.4
