HIGH
xmldom
CVE published 2026-04-02
CVE-2026-34601
CVE-2026-34601 is a HIGH severity vulnerability in xmldom, a JavaScript XML DOM module. The vulnerability allows for XML structure injection via attacker-supplied strings containing the CDATA terminator ]]> . During serialization, XMLSerializer emitted the CDATA content verbatim without rejecting or safely splitting the terminator. As a result, data intended to remain text-only became active XML markup in [truncated]