PatchSiren cyber security CVE debrief
CVE-2026-48966 FunnelKit CVE debrief
CVE-2026-48966 is a HIGH severity Unauthenticated Cross Site Scripting (XSS) vulnerability in Funnel Builder by FunnelKit versions <= 3.15.0.2. The vulnerability was published on [cvePublishedAt] and modified on [cveModifiedAt]. The CVSS score is 7.1.
- Vendor
- FunnelKit
- Product
- Funnel Builder by FunnelKit
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Funnel Builder by FunnelKit versions <= 3.15.0.2 should apply patches or mitigations to prevent exploitation of this vulnerability.
Technical summary
CVE-2026-48966 is a Cross Site Scripting (XSS) vulnerability in Funnel Builder by FunnelKit. The vulnerability has a CVSS score of 7.1 and is classified as HIGH severity.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to Funnel Builder by FunnelKit to version > 3.15.0.2.
- Review and restrict user input to prevent XSS attacks.
Evidence notes
Evidence from Patchstack indicates a vulnerability in Funnel Builder by FunnelKit.
Official resources
-
CVE-2026-48966 CVE record
CVE.org
-
CVE-2026-48966 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-48966 was published on 2026-06-15T21:17:18.433Z and modified on 2026-06-15T21:24:32.790Z.