CVE-2026-43892

Summary

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16.

Affected Software

VendorProductVersion RangeStatus
AntSwordProjectantSword< 2.1.16affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')
  • CWE-1188: CWE-1188: Insecure Default Initialization of Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References