CVE-2026-1434 MEDIUM

CVE-2026-1434: Reflected XSS in Omega-PSIR

Vendor Politechnika Warszawska

Product Omega-PSIR

Weakness CWE-79 · XSS

Published February 27, 2026

Last update February 27, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7.

Key dates

02Disclosure timeline

February 27, 2026 CVE published

February 27, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-1434 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2026-1434

CWE CWE-79

CVSS 5.1 / MEDIUM

Affected versions