PatchSiren

CVE-2026-41557 PressLayouts CVE debrief

CVE-2026-41557 is a high-severity unauthenticated cross-site scripting (XSS) vulnerability in Kapee versions prior to 1.7.1. It carries a CVSS 3.1 base score of 7.1 and was published on June 17, 2026. An attacker with no account on the site can inject script into pages that other visitors or administrators load; in the victim's browser that script runs with the site's origin, so it can perform actions as the user or read data the page exposes. The fix is to update Kapee to 1.7.1 or later, and administrators of sites running the theme should treat that update as a priority. The CVE record and NVD detail provide further information.

Vendor
PressLayouts
Product
Kapee
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-17
Original CVE updated
2026-06-17
Advisory published
2026-06-17
Advisory updated
2026-06-17

Who should care

Administrators of sites running Kapee versions prior to 1.7.1 need to act on this. Web application security teams, and developers who customise or build on the Kapee theme, should also be informed, since local modifications are a common reason a theme update gets deferred.

Technical summary

CVE-2026-41557 is a high-severity unauthenticated cross-site scripting (XSS) vulnerability in Kapee versions prior to 1.7.1. It has a CVSS score of 7.1 with the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L: reachable over the network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), scope changed (S:C) because the injected script executes in the victim's browser rather than in the vulnerable component, and low confidentiality, integrity and availability impact (C:L/I:L/A:L). That combination is the standard scoring for a cross-site scripting flaw that a victim must be induced to trigger, for example by following a crafted link, which is why a weakness in an unauthenticated code path still lands at 7.1 rather than higher. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). It allows attackers to inject malicious scripts into web pages viewed by other users; the record does not describe the specific affected parameter or template.
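To make the CWE-79 mechanics concrete, the following is an added example written for this debrief; it is not code from Kapee or PressLayouts and does not reproduce the actual vulnerable code path, which the record does not describe. It assumes, as an illustration only, a search template that echoes the `s` query parameter into an input attribute, uses a constructed payload, and renders the unescaped version beside a context-escaped one, using Python's html.escape and html.parser so that it runs offline:

```python
from __future__ import annotations

import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample request for this example: a search term that closes the
# value="" attribute it is echoed into and appends an event handler. It is an
# illustrative payload, not the one from the CVE record.
SAMPLE_URL = "https://shop.example/?s=%22+autofocus+onfocus%3D%22alert(document.cookie)"


def search_term(url: str) -> str:
    """Extract the `s` query parameter the way a search template would."""
    return parse_qs(urlparse(url).query).get("s", [""])[0]


def render_search_box_vulnerable(term: str) -> str:
    """The CWE-79 pattern: request data concatenated straight into an attribute."""
    return '<input type="search" name="s" value="' + term + '">'


def render_search_box_hardened(term: str) -> str:
    """Escape for the attribute context first. quote=True turns " into &quot;,
    so the term can no longer terminate the attribute it lands in."""
    return '<input type="search" name="s" value="' + html.escape(term, quote=True) + '">'


def render_heading_hardened(term: str) -> str:
    """Text-node context: < and > become entities, so no tag can be opened."""
    return "<h1>Results for " + html.escape(term) + "</h1>"


class _InputAttributes(HTMLParser):
    """Collect the attribute names on the first <input> tag, as a browser sees them."""

    def __init__(self) -> None:
        super().__init__()
        self.names: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag == "input" and not self.names:
            self.names = [name for name, _ in attrs]


def input_attributes(markup: str) -> list[str]:
    parser = _InputAttributes()
    parser.feed(markup)
    parser.close()
    return parser.names


def has_event_handler(markup: str) -> bool:
    """True if any attribute on the <input> is an on* handler, i.e. injected script."""
    return any(name.startswith("on") for name in input_attributes(markup))


if __name__ == "__main__":
    term = search_term(SAMPLE_URL)
    for label, render in (("vulnerable", render_search_box_vulnerable),
                          ("hardened", render_search_box_hardened)):
        markup = render(term)
        print(f"{label}: {markup}")
        print(f"  attributes seen by the parser: {input_attributes(markup)}")
        print(f"  executes attacker script: {has_event_handler(markup)}")
```

In the vulnerable rendering the parser sees five attributes, two of which (autofocus and onfocus) came from the request, so the handler fires as soon as the page loads; in the hardened rendering the same input is a single harmless value. The point is that the escaping function must match the HTML context the value lands in: in WordPress theme code the attribute-context equivalent of html.escape(term, quote=True) is esc_attr(), and the text-node equivalent is esc_html().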

Defensive priority

High

Recommended defensive actions

  • Update Kapee to version 1.7.1 or later on every site, including staging copies, and confirm the installed version afterwards
  • Review theme customisations for places where request data (query parameters, form fields, URLs) is echoed into HTML without escaping appropriate to the context it lands in
  • Deploy a Content Security Policy that disallows inline script (a nonce- or hash-based script-src) so injected markup cannot execute even if an escaping bug remains; this is defence in depth, not a substitute for the update
  • Monitor web server logs for requests whose parameters carry script tags or event-handler attributes, which indicate probing for the flaw
  • Educate users, administrators in particular, not to follow unexpected links to the site, since the attack requires a victim to load attacker-supplied content (UI:R)
  • Keep themes, plugins and other dependencies updated on a regular schedule
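As an added example for the first and fourth actions above (not code from the advisory, Kapee or PressLayouts): a Python script that reads the version declared in a theme's style.css header and compares it against 1.7.1, and that scans web server access-log lines for request parameters carrying script tags or event-handler attributes. The style.css header and the log lines are constructed for the example; that Kapee declares its version in style.css the way WordPress themes do is an assumption, as is the set of probe markers:

```python
from __future__ import annotations

import re
from urllib.parse import unquote_plus

# First fixed release named in the advisory.
FIXED_VERSION = (1, 7, 1)

# Constructed style.css header for this example (assumption: Kapee, like other
# WordPress themes, declares its version in the style.css header block).
SAMPLE_STYLE_CSS = """\
/*
Theme Name: Kapee
Theme URI: https://example.invalid/kapee
Version: 1.7.0
*/
"""

# Constructed access-log lines (combined log format) for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Jun/2026:09:12:01 +0000] "GET /?s=shoes HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [18/Jun/2026:09:12:03 +0000] "GET /?s=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5210 "-" "Mozilla/5.0"
198.51.100.4 - - [18/Jun/2026:09:13:44 +0000] "GET /?s=%22%20onmouseover%3D%22alert(document.cookie) HTTP/1.1" 200 5198 "-" "curl/8.0"
198.51.100.9 - - [18/Jun/2026:09:14:02 +0000] "GET /?option=1&season=summer HTTP/1.1" 200 5001 "-" "Mozilla/5.0"
"""


def parse_version(text: str) -> tuple[int, int, int]:
    """'1.7' -> (1, 7, 0), '1.7.1' -> (1, 7, 1): missing components count as
    zero, so 1.7 sorts below 1.7.1 and 1.10 above 1.7 (no string comparison)."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:3]
    parts += [0] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def theme_version(style_css: str) -> str | None:
    """Read the Version: field from a theme header block."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", style_css, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def is_vulnerable(version: str) -> bool:
    return parse_version(version) < FIXED_VERSION


def check_style_css(style_css: str) -> tuple[str | None, bool]:
    """Return (declared version, needs update); an unreadable header gives (None, False)."""
    version = theme_version(style_css)
    return version, bool(version) and is_vulnerable(version)


LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+)')

# Crude triage markers for reflected-XSS probes. The on*= form requires a
# preceding quote or whitespace so ordinary parameters such as ?option=1
# are not flagged.
XSS_MARKERS = re.compile(r"<script|javascript:|(?:^|[\s\"'])on[a-z]+\s*=", re.IGNORECASE)


def suspicious_requests(log_text: str) -> list[tuple[str, str]]:
    """Return (client IP, decoded request path) for each request whose
    path or query string carries a script or event-handler marker."""
    hits: list[tuple[str, str]] = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, path = m.groups()
        decoded = unquote_plus(path)  # one decoding pass; see note below
        if XSS_MARKERS.search(decoded):
            hits.append((ip, decoded))
    return hits


if __name__ == "__main__":
    print("declared version, needs update:", check_style_css(SAMPLE_STYLE_CSS))
    for ip, path in suspicious_requests(SAMPLE_LOG):
        print(f"probe from {ip}: {path}")
```

Feed check_style_css() the contents of the installed theme's style.css and suspicious_requests() a slice of the access log. The markers are a triage filter, not a detection signature: they decode the path once, so a double-encoded payload needs a second unquote_plus() pass, and a hit means "someone sent XSS-shaped input", not that the site is exploitable. A hit after the update is still worth correlating with the source IP's other requests.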

Evidence notes

The CVE record and NVD detail are the sources for this debrief. The reporter is recorded as [email protected], and the record carries the trust class official_vulnerability_database.

Official resources

CVE record and NVD detail for CVE-2026-41557.