CVE Catalog
CVE-2026-56045
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk0.18%
8th percentile — higher than 8% of all known CVEs
Summary
The vulnerability allows an unauthenticated attacker to perform XSS attacks in Automatic versions prior to 3.135.1.
Risk Assessment
An attacker can inject malicious JavaScript code, leading to session theft, redirects, or data theft from users.
Recommendation
Immediately update the Automatic plugin to version 3.135.1 or later.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.

