PatchSiren

lucee CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM lucee CVE published 2026-07-10

CVE-2026-29519

CVE-2026-29519 is a reflected cross-site scripting vulnerability affecting Lucee CFML Server versions across the 5.3.x, 6.1.x, 6.2.x, and 7.0.x release lines. The vulnerability allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by embedding HTML or JavaScript payloads within the request path. Attackers can craft a malicious URL containing injected script content [truncated]