PatchSiren

CVE-2026-3457 Thales CVE debrief

CVE-2026-3457 is a HIGH severity Stored Cross-site Scripting vulnerability in Thales Sentinel LDK Runtime on Windows. It was published on April 7, 2026, has a CVSS score of 7.1, and was fixed in Sentinel LDK Runtime 10.22. Users of affected versions should upgrade to the latest version. The CVE record and NVD detail provide additional information on the vulnerability.

Vendor: Thales
Product: Sentinel LDK Runtime
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-04-07
Original CVE updated: 2026-04-07
Advisory published: 2026-04-07
Advisory updated: 2026-04-07

Who should care

Organizations using Thales Sentinel LDK Runtime on Windows should be aware of this vulnerability and take steps to upgrade to the latest version. It is rated HIGH severity and could potentially be used to compromise affected systems. Users of affected versions should review the CVE record and NVD detail for additional information.

Technical summary

CVE-2026-3457 is a Stored Cross-site Scripting vulnerability in Thales Sentinel LDK Runtime on Windows. An attacker can inject malicious script that the application stores and that is later executed when other users load the affected content. It has a CVSS score of 7.1 (HIGH) and was fixed in Sentinel LDK Runtime 10.22. Users of affected versions should upgrade to the latest version to prevent exploitation.

Defensive priority

Upgrade to Sentinel LDK Runtime 10.22 or later to prevent exploitation of this vulnerability. Review the CVE record and NVD detail for additional information on the vulnerability and potential mitigations.

Recommended defensive actions

  • Upgrade to Sentinel LDK Runtime 10.22 or later
  • Review the CVE record and NVD detail for additional information on the vulnerability and potential mitigations
  • Monitor systems for potential exploitation attempts

Evidence notes

The vulnerability was published on April 7, 2026, and has a CVSS score of 7.1. The vulnerability was fixed in Sentinel LDK Runtime 10.22. The CVE record and NVD detail provide additional information on the vulnerability.

Official resources

This article was generated with AI assistance based on the supplied source corpus.