CVE-2026-6179

Summary

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser

Affected Software

VendorProductVersion RangeStatus
FPT SoftwareNightWolf Penetration Testing Platform2.1.5affected
FPT SoftwareNightWolf Penetration Testing Platform2.1.6unaffected

Weaknesses

  • CWE-79: CWE-79 Improper neutralization of input during web page generation ('cross-site scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References