MEDIUM
Plane
CVE published 2026-06-17
CVE-2026-10850
CVE-2026-10850 is a vulnerability in Plane CE 1.3.1 that allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint. This vulnerability has a CVSS score of 6.9, indicating a medium severity. The vulnerability exists due to insufficient input validation and sanitization in the description_html field, [truncated]