CVE-2026-11859
LowCVSS 2.0Exploitation Probability (EPSS)
Low risk15th percentile — higher than 15% of all known CVEs
Summary
CVE-2026-11859 describes an HTML injection vulnerability in the 'fetch links' emails sent by Thinkst Applied Research Canarytokens, allowing for Interface Manipulation and Cross-Site Scripting (XSS) in email clients that render HTML emails.
Risk Assessment
This vulnerability may lead to unauthorized access to user data and allow attackers to execute malicious code in the victim's browser context.
Recommendation
It is recommended to update Canarytokens to a version that is not vulnerable to this issue and to monitor emails for suspicious links.
Original NVD description (English source)
An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from Git commit c0f3cf142 before 08c3f93d.

