MEDIUM
cyntler
CVE published 2026-05-20
CVE-2026-30691
CVE-2026-30691 describes a cross-site scripting issue in @cyntler/react-doc-viewer v1.17.1 where a crafted .txt file can cause TXTRenderer to render attacker-controlled content without proper sanitization. Because the component explicitly casts raw file data as a ReactNode, malicious markup or script-bearing input may be interpreted in the browser context of the viewing application. The CVE was published [truncated]