PatchSiren

PasswordPusher CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM PasswordPusher CVE published 2026-07-08

CVE-2026-59802

CVE-2026-59802 is a MEDIUM severity vulnerability in PasswordPusher before 2.8.1. The vulnerability is caused by insufficient validation in the valid_url function, which accepts data URI schemes in URL push payloads. This allows attackers to create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and credential theft und [truncated]