CVE-2026-44541
HighCVSS 7.0Exploitation Probability (EPSS)
Low risk14th percentile - higher than 14% of all known CVEs
Summary
Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue has been patched in version 2.84.5.
Risk Assessment
This vulnerability may allow attackers to execute malicious code in the user's browser context, potentially leading to data theft or session hijacking.
Recommendation
It is recommended to upgrade to version 2.84.5 or later to mitigate this vulnerability.
Original NVD description (English source)
Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue has been patched in version 2.84.5.

