CVE-2026-54477
MEDIUMDescription
The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2026-54477? +
How severe is CVE-2026-54477? +
How do I check if I'm vulnerable to CVE-2026-54477? +
Related Vulnerabilities
Craft CMS is a content management system (CMS). Versions 4.0.0-RC1 and above, prior to 4.18.0 and 5.0.0-RC1, and above, prior …
Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially …
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of …
OAuth2-Proxy is an open-source tool that can act as either a standalone reverse proxy or a middleware component integrated into …
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass …
Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which …