PatchSiren

xmldom CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH xmldom CVE published 2026-04-02

CVE-2026-34601

CVE-2026-34601 is a HIGH severity vulnerability in xmldom, a JavaScript XML DOM module. The vulnerability allows XML structure injection via attacker-supplied strings containing the CDATA terminator ]]>. During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain text-only became active XML markup in [truncated]
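
The two safe behaviours the summary names (rejecting the terminator, or splitting it) next to verbatim emission, as an added example that is not xmldom's code or its patch. Every function name and the sample string are constructed for illustration, and the scanner is a simplified stand-in for an XML parser.

```javascript
// Added illustration; not xmldom source. All names here are hypothetical.
const OPEN = '<![CDATA[';
const CLOSE = ']]>';

// Behaviour the summary describes: content is emitted verbatim.
function serializeVerbatim(text) {
  return OPEN + text + CLOSE;
}

// Mitigation 1: refuse content that contains the terminator.
function serializeReject(text) {
  if (text.includes(CLOSE)) {
    throw new Error('CDATA content contains "]]>"');
  }
  return OPEN + text + CLOSE;
}

// Mitigation 2: split each "]]>" across two sections, so "]]" closes one
// section and ">" opens the next. The text content is unchanged.
function serializeSplit(text) {
  return OPEN + text.split(CLOSE).join(']]' + CLOSE + OPEN + '>') + CLOSE;
}

// Minimal scanner: collects text inside CDATA sections and everything
// that ended up outside them (what a parser would treat as markup).
function scan(xml) {
  let text = '';
  let outside = '';
  let i = 0;
  while (i < xml.length) {
    if (xml.startsWith(OPEN, i)) {
      const end = xml.indexOf(CLOSE, i + OPEN.length);
      if (end === -1) throw new Error('unterminated CDATA section');
      text += xml.slice(i + OPEN.length, end);
      i = end + CLOSE.length;
    } else {
      outside += xml[i++];
    }
  }
  return { text, outside };
}

// Constructed sample input.
const sample = 'note]]><injected/><![CDATA[tail';
console.log(scan(serializeVerbatim(sample))); // part of the text lands outside CDATA
console.log(scan(serializeSplit(sample)));    // round-trips as text only
```

A useful regression check for any serializer is the round trip shown here: the concatenated CDATA text must equal the input and nothing may appear outside the sections.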