PatchSiren cyber security CVE debrief
CVE-2026-44541 ethyca CVE debrief
CVE-2026-44541 is a high-severity DOM-based XSS vulnerability in Fides, a privacy engineering platform. It affects versions from 2.33.0 up to, but not including, 2.84.5, and is caused by the fides_description override in fides.js. The issue is patched in version 2.84.5.
- Vendor: ethyca
- Product: fides
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-09
Who should care
Anyone running Fides, a privacy engineering platform, at a version from 2.33.0 up to, but not including, 2.84.5 is affected by this vulnerability.
Technical summary
CVE-2026-44541 is a DOM-based XSS vulnerability in Fides, affecting versions from 2.33.0 up to, but not including, 2.84.5. The vulnerability is caused by the fides_description override in fides.js.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to version 2.84.5 or later to patch the vulnerability.
Evidence notes
CVE-2026-44541 has been patched in version 2.84.5. See the [Fides 2.84.5 release page](https://github.com/ethyca/fides/releases/tag/2.84.5) for more information.
Official resources
CVE-2026-44541 was published on 2026-06-08T21:16:45.673Z and modified on 2026-06-09T15:25:56.860Z.