CVE-2026-10729 LOW

CVE-2026-10729: HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens

Vendor Thinkst Applied Research
Product Canarytokens
Weakness CWE-74
Published June 3, 2026
Last update June 3, 2026

CVSS base score

1.2/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/AU:N/RE:L/U:Green

What the vulnerability does

01Description

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c42435e before sha-bfda4df, from Git commit c42435e before bfda4df.

Key dates

02Disclosure timeline

June 3, 2026 CVE published
June 3, 2026 Record updated