PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-11859 Thinkst Applied Research CVE debrief

CVE-2026-11859 is an HTML injection vulnerability in the 'fetch links' email sent by Canarytokens from Thinkst Applied Research. Content that an attacker can influence reaches the HTML body of that email without being escaped, which enables interface manipulation (injected markup that passes for part of the message) and cross-site scripting (XSS) in email clients that render HTML. Affected builds are Canarytokens from Docker tag sha-c0f3cf142 up to, but not including, sha-08c3f93d, and from Git commit c0f3cf142 up to, but not including, 08c3f93d. The CVSS base score is 2.0, severity LOW.

Vendor
Thinkst Applied Research
Product
Canarytokens
CVSS
LOW 2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-10
Original CVE updated
2026-06-10
Advisory published
2026-06-10
Advisory updated
2026-06-10

Who should care

Teams that run their own Canarytokens instance should check their version: the affected range is given by Docker tag and Git commit, so self-hosted deployments are the ones that need to verify they are past the fix. Recipients of Canarytokens alert emails who read them in a client that renders HTML are the people exposed. An attacker who can get chosen text into the 'fetch links' email could insert markup that imitates the message's own interface and, in a client that executes script from mail, achieve cross-site scripting.

Technical summary

The 'fetch links' email is built as HTML, and input that an attacker can influence is placed into that HTML without escaping. Whatever the attacker supplies is therefore interpreted as markup rather than displayed as text: links, images or layout that imitate the legitimate message (interface manipulation), or script where the receiving client will run it (XSS). Mainstream email clients strip or refuse to execute script in HTML mail, which limits the XSS path and is consistent with the LOW score; the interface-manipulation path needs no script and works wherever the HTML is rendered.
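To make the failure concrete, the block below is an added example and not Canarytokens code: a small HTML email template that pastes untrusted values straight into markup, beside a version that escapes for the text and attribute contexts and restricts link schemes. The field names (a token "memo" and a link), the template and the sample inputs are assumptions constructed for illustration; nothing here is taken from the CVE record or the project's source.

```python
"""Added example, not Canarytokens code: an HTML email template that pastes
untrusted input into markup, beside the escaped version.

Assumptions (not taken from the CVE record): the email includes a free-text
token description ("memo") and a link, both of which could carry
attacker-chosen text. Field names, template and sample inputs are
constructed for illustration only.
"""
import html
from urllib.parse import urlsplit

# Constructed sample input standing in for attacker-influenced content.
MALICIOUS_MEMO = (
    '</p><a href="https://evil.example/login">Re-enter your password</a><p>'
)
MALICIOUS_LINK = "javascript:alert(document.cookie)"

# Constructed benign input, to show the hardened template renders it unchanged.
BENIGN_MEMO = "AWS credentials on build host"
BENIGN_LINK = "https://canarytokens.example/fetch?token=abc123"


def render_vulnerable(memo: str, link: str) -> str:
    """Vulnerable: values are interpolated into HTML without escaping."""
    return (
        "<html><body>"
        f"<p>Your token ({memo}) has new links:</p>"
        f'<p><a href="{link}">{link}</a></p>'
        "</body></html>"
    )


def safe_http_url(link: str) -> str:
    """Allow only absolute http(s) URLs in href; anything else becomes '#'.

    Escaping alone does not neutralise a javascript: URL, so the scheme is
    checked separately from the HTML escaping.
    """
    parts = urlsplit(link)
    if parts.scheme in ("http", "https") and parts.netloc:
        return link
    return "#"


def render_hardened(memo: str, link: str) -> str:
    """Hardened: escape for the text context and for the attribute context."""
    safe_memo = html.escape(memo)  # encodes & < > " and '
    safe_link = html.escape(safe_http_url(link), quote=True)
    return (
        "<html><body>"
        f"<p>Your token ({safe_memo}) has new links:</p>"
        f'<p><a href="{safe_link}">{safe_link}</a></p>'
        "</body></html>"
    )


def injected_anchor_survives(rendered: str) -> bool:
    """True if the attacker's anchor tag is present as live markup."""
    return '<a href="https://evil.example/login">' in rendered


def script_url_survives(rendered: str) -> bool:
    """True if a javascript: URL ended up inside an href attribute."""
    return 'href="javascript:' in rendered


if __name__ == "__main__":
    bad = render_vulnerable(MALICIOUS_MEMO, MALICIOUS_LINK)
    good = render_hardened(MALICIOUS_MEMO, MALICIOUS_LINK)
    print("vulnerable: anchor injected =", injected_anchor_survives(bad),
          "| javascript href =", script_url_survives(bad))
    print("hardened:   anchor injected =", injected_anchor_survives(good),
          "| javascript href =", script_url_survives(good))
```

The two checks at the end are the review questions to ask of any mail-generating code path: does attacker text land in a text context without `html.escape`, and does an attacker-influenced URL land in `href` without a scheme allowlist. The second check matters because escaping quotes and angle brackets leaves `javascript:` URLs intact.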

Defensive priority

LOW

Recommended defensive actions

  • Update Canarytokens to a build that contains the fix: Docker tag sha-08c3f93d or later, or Git commit 08c3f93d or later. Confirm the tag of the running image, or that commit 08c3f93d is an ancestor of the deployed checkout, before treating an instance as patched.
  • Until the instance is updated, read Canarytokens alert emails in a client configured to show plain text, or to render HTML with remote content and scripting disabled, and treat links in those emails with the same care as links in any unexpected message.

Evidence notes

The CVE record for CVE-2026-11859 can be found at [cve-org]. More details about the vulnerability are available at [ref-4], which includes information about the affected versions and the fix.

Official resources

CVE-2026-11859 was published on 2026-06-10T12:16:25.067Z and modified on 2026-06-10T20:13:47.847Z.