CVE Catalog

CVE-2026-49074

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

There is an unauthenticated Cross Site Scripting (XSS) vulnerability in JetEngine versions <= 3.8.9.1. An attacker can exploit this flaw to inject malicious scripts in the user's context.

Risk Assessment

This vulnerability may lead to user data theft or session hijacking, posing a serious threat to the application's security and the organization's data.

Recommendation

It is recommended to update JetEngine to the latest version to mitigate this vulnerability and conduct a security audit of the application.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS