PatchSiren cyber security CVE debrief

CVE-2026-49074 Jetimpex Inc. CVE debrief

CVE-2026-49074 is a high-severity unauthenticated cross-site scripting (XSS) vulnerability in JetEngine versions up to 3.8.9.1. It has a CVSS score of 7.1 and was published on June 17, 2026. An attacker can inject malicious scripts into web pages viewed by other users, and exploitation does not require authentication, which makes the issue particularly concerning. Administrators of affected versions should update to a patched version of JetEngine immediately. The CVE record and NVD detail provide further information on this vulnerability.

Vendor: Jetimpex Inc.
Product: JetEngine
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Administrators and users of JetEngine versions up to 3.8.9.1 should be aware of this vulnerability and take immediate action to patch affected installations. Web application security teams and developers using JetEngine should prioritize updating to a patched version.

Technical summary

CVE-2026-49074 is a high-severity unauthenticated cross-site scripting (XSS) vulnerability in JetEngine versions up to 3.8.9.1. It has a CVSS score of 7.1, with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. An attacker can inject malicious scripts into web pages viewed by other users without authenticating. The associated weakness is CWE-79.

Defensive priority

High

Recommended defensive actions

  • Apply patches to update JetEngine to a version beyond 3.8.9.1.
  • Review and restrict user input to prevent malicious script injection.
  • Implement Content Security Policy (CSP) to mitigate XSS attacks.
  • Monitor JetEngine installations for signs of exploitation.
  • Use a Web Application Firewall (WAF) to detect and prevent XSS attacks.
  • Regularly update and patch all software components.

Evidence notes

The CVE record and NVD detail provide information on this vulnerability. The CVE was published on June 17, 2026, and last modified on the same day. The vulnerability was reported by Patchstack.
