PatchSiren

Plane CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Plane CVE published 2026-06-17

CVE-2026-10850

CVE-2026-10850 is a vulnerability in Plane CE 1.3.1 that allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint. This vulnerability has a CVSS score of 6.9, indicating a medium severity. The vulnerability exists due to insufficient input validation and sanitization in the description_html field, [truncated]