Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Mistakes in HTML Template Code Can Lead to Website Hacking
GO-2026-4865
CVE-2026-32289
Summary
A bug in some HTML templates can allow hackers to inject malicious code into a website, potentially taking control of it. This issue affects websites that use a specific type of template engine. To stay safe, website owners should update their template engine to a fixed version.
What to do
- Update stdlib to version 1.26.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | stdlib | > 1.26.0-0 , <= 1.26.2 | 1.26.2 |
Original title
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within J...
Original description
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.
Published: 8 Apr 2026 · Updated: 9 Apr 2026 · First seen: 8 Apr 2026