PatchSiren

gristlabs CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH gristlabs CVE published 2026-07-10

CVE-2026-55665

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-10T21:16:56.847Z and has not been modified since then. Grist spreadsheet software, using Python as its formula language, contained two cross-site scripting vulnerabilities prior to version 1.7.15. An attacker-controlled value could reach a link's href without scheme validation, allowing a JavaScript [truncated]

MEDIUM gristlabs CVE published 2026-07-10

CVE-2026-55664

CVE-2026-55664 is a vulnerability in Grist spreadsheet software that allows users with partial read access to request metadata of any widget, potentially revealing table and column structure that access rules would otherwise hide. The issue is fixed in version 1.7.15. This vulnerability has a CVSS score of 4.3 and a severity of MEDIUM. Users with only partial read access, including public access on a publ [truncated]

HIGH gristlabs CVE published 2026-07-10

CVE-2026-55659

CVE-2026-55659 is a high-severity cross-site scripting vulnerability in Grist spreadsheet software prior to version 1.7.15. The vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to escalation of privileges. The vulnerability exists due to improper escaping of user-controlled values in server-rendered Grist pages and inline scripts. An attacker could inj [truncated]