CVE-2026-3457 HIGH

CVE-2026-3457: Stored XSS vulnerability in Sentinel ACC

Vendor Thales

Product Sentinel LDK Runtime

Weakness CWE-79 · XSS

Published March 27, 2026

Last update March 27, 2026

View on NVD All CVEs

CVSS base score

7.0/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:P

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22.

Key dates

02Disclosure timeline

March 27, 2026 CVE published

March 27, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-3457 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2023-5665 Payment Forms for Paystack <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2022-2325 Invitation Based Registrations <= 2.2.84 - Admin+ Stored Cross-Site Scripting CVE-2025-54297 Extension - compojoom.com - Stored XSS vulnerability in CComment component 5.0.0-6.1.14 for Joomla CVE-2025-67483 Theoretical i18n XSS in mediawiki.page.preview.js when a page has multiple protection levels CVE-2021-32745 Reflected Cross-Site-Scripting vulnerability