CVE-2026-21730 Verint CVE debrief

Who should care

Organizations operating Verint Verba Collaboration Compliance and Quality Management Platform versions prior to 10.0.6, particularly those with administrative staff who routinely review authentication logs through the web interface.

Technical summary

The Verba platform's login logging mechanism fails to sanitize the username parameter before persisting failed authentication attempts to application logs. An unauthenticated attacker can submit a crafted username containing an XSS payload during a failed login. When an administrator subsequently accesses the web-based log viewer, the payload renders and executes in the administrator's browser session. The attack requires no privileges and minimal user interaction (administrator log review). The vulnerability is classified as CWE-79 and was resolved in version 10.0.6.

Defensive priority

medium

Recommended defensive actions

• Upgrade Verint Verba Collaboration Compliance and Quality Management Platform to version 10.0.6 or later to remediate this vulnerability.
• Restrict access to the application log viewer to authorized administrative personnel only, using network segmentation and strong authentication where possible.
• Implement Content Security Policy (CSP) headers and additional output encoding for log viewer interfaces to reduce XSS impact.
• Review application logs for suspicious username entries containing script tags or encoded payloads that may indicate prior exploitation attempts.

Evidence notes

The vulnerability is documented in NVD with CVSS 4.0 vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X, scoring 5.3 (MEDIUM). CWE-79 (Improper Neutralization of Input During Web Page Generation) is identified as the weakness. Affected versions are prior to 10.0.6 per CPE criteria.

Official resources