CVE Catalog

CVE-2026-44541

HighCVSS 7.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

14th percentile - higher than 14% of all known CVEs

Summary

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue has been patched in version 2.84.5.

Risk Assessment

This vulnerability may allow attackers to execute malicious code in the user's browser context, potentially leading to data theft or session hijacking.

Recommendation

It is recommended to upgrade to version 2.84.5 or later to mitigate this vulnerability.

Original NVD description (English source)

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue has been patched in version 2.84.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS