PatchSiren cyber security CVE debrief
CVE-2026-50591 Znuny CVE debrief
CVE-2026-50591 is a medium-severity vulnerability with a CVSS score of 5.4. It affects Znuny LTS before 6.5.21 and Znuny before 7.3.3. The vulnerability allows for stored user preferences XSS attacks. The CVE was published on 2026-06-05T02:17:14.187Z and last modified on 2026-06-05T14:59:31.207Z.
- Vendor
- Znuny
- Product
- Unknown
- CVSS
- MEDIUM 5.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Users of Znuny LTS before 6.5.21 and Znuny before 7.3.3 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by improper handling of stored user preferences in Znuny LTS and Znuny. This allows an attacker to inject malicious code, leading to XSS attacks.
Defensive priority
Medium
Recommended defensive actions
- Update to Znuny LTS 6.5.21 or later and Znuny 7.3.3 or later.
- Review and sanitize user preferences to prevent malicious code injection.
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information is available at [ref-4].
Official resources
-
CVE-2026-50591 CVE record
CVE.org
-
CVE-2026-50591 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-50591 was published on 2026-06-05T02:17:14.187Z and last modified on 2026-06-05T14:59:31.207Z.