PatchSiren

CVE-2026-45778 ubccr CVE debrief

CVE-2026-45778 is a high-severity vulnerability in Open XDMoD, a framework for collecting and analyzing HPC metrics. An authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page. When visited by the victim, the page reflects and executes the unsanitized payload in the victim's browser, potentially leading to credential capture and Open XDMoD account takeover. The vulnerability has a CVSS score of 8.6 and is considered HIGH severity.

Vendor: ubccr
Product: xdmod
CVSS: HIGH 8.6
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-05
Original CVE updated: 2026-06-10
Advisory published: 2026-06-05
Advisory updated: 2026-06-10

Who should care

Open XDMoD users and administrators should be aware of this vulnerability and take immediate action to patch their installations.

Technical summary

The vulnerability exists in Open XDMoD versions prior to 11.0.3. An attacker can inject malicious JavaScript into their user profile, and that JavaScript is then executed in the browser of other users who visit the affected page. The vulnerability is caused by a lack of proper input sanitization.

Defensive priority

High

Recommended defensive actions

  • Apply the patch manually by updating to Open XDMoD version 11.0.3 or later.
  • Review and sanitize user input to prevent similar vulnerabilities in the future.
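As a companion to the actions above, the following added example (not code from Open XDMoD or from the advisory) audits exported user profile records for values that would become active markup if a page reflected them unencoded, and shows the output encoding a fixed page would apply. The field names, the export format and the sample rows are assumptions made for illustration.

```python
import html
import re

# Field names are assumptions; map them to the columns of your own export.
PROFILE_FIELDS = ("first_name", "last_name", "email_address")

# A value matching any of these becomes active markup if a page writes it
# into HTML without output encoding.
CHECKS = {
    "html_tag": re.compile(r"</?[a-z!?]", re.IGNORECASE),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE),
    "script_uri": re.compile(r"\b(?:javascript|vbscript)\s*:", re.IGNORECASE),
}

def normalise(value):
    """Decode HTML entities (up to three layers) so pre-encoded values are seen."""
    for _ in range(3):
        decoded = html.unescape(value)
        if decoded == value:
            break
        value = decoded
    return value

def audit_profiles(rows, fields=PROFILE_FIELDS):
    """Return (username, field, [reasons]) for every suspicious profile value."""
    findings = []
    for row in rows:
        for field in fields:
            value = normalise(str(row.get(field) or ""))
            reasons = [name for name, rx in CHECKS.items() if rx.search(value)]
            if reasons:
                findings.append((row["username"], field, reasons))
    return findings

def encode_for_html(value):
    """Output encoding applied before a value is written into an HTML page."""
    return html.escape(value, quote=True)

# Constructed sample rows, not real Open XDMoD data.
SAMPLE_PROFILES = [
    {"username": "alice", "first_name": "Alice", "last_name": "O'Brien",
     "email_address": "alice@example.org"},
    {"username": "mallory", "first_name": "<script>alert(1)</script>",
     "last_name": "M", "email_address": "m@example.org"},
    {"username": "trent", "first_name": "Trent",
     "last_name": "&lt;img src=x onerror=alert(1)&gt;", "email_address": "t@example.org"},
]

if __name__ == "__main__":
    for user, field, reasons in audit_profiles(SAMPLE_PROFILES):
        print(f"{user}: {field} flagged ({', '.join(reasons)})")
```

A flagged row is a lead for review rather than proof of abuse; legitimate names containing apostrophes or ampersands pass the checks unchanged.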

Evidence notes

The vulnerability was reported privately on 2026-04-06 and patched in Open XDMoD 11.0.3 on 2026-05-12. There is no evidence that this vulnerability has been exploited in the wild.

Official resources

CVE-2026-45778 was published on 2026-06-05T20:17:32.857Z and modified on 2026-06-10T21:05:23.903Z.