CVE-2026-44371

Summary

Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2.

Affected Software

VendorProductVersion RangeStatus
OSCondemand< 4.0.11affected
OSCondemand>= 4.1.0, < 4.1.5affected
OSCondemand>= 4.2.0, < 4.2.2affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References