What the vulnerability does

01Description

lucy-xss-filter before commit e5826c0 allows an attacker to execute malicious JavaScript due to improper sanitization caused by misconfigured default superset rule files.

Key dates

02Disclosure timeline

January 16, 2026 CVE published
January 16, 2026 Record updated