Hayabusa versions before 3.8.0 allow attackers to inject code into reports
CVE-2026-40028
Summary
If you use Hayabusa, an attacker could inject malicious JavaScript into the HTML reports it generates from JSON-exported logs. The script runs in the examiner's browser when the report is viewed, which could let the attacker steal sensitive information or take control of the examiner's session. To protect yourself, update to Hayabusa version 3.8.0 or later.
Original title
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported...
Original description
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the Computer field of JSON logs that executes in the forensic examiner's browser session when viewing the generated HTML report, leading to information disclosure or code execution.
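The flaw described above is a missing output-encoding step: text taken from the Computer field reaches the HTML report as markup. The Rust sketch below is an added example, not Hayabusa's code or its 3.8.0 fix; the function names, the table-row layout, the hostname character set and the sample values are assumptions made for illustration.

```rust
// Added example: hypothetical report-row renderer, not Hayabusa's own code.

/// Encode the characters that are significant in HTML text and in quoted
/// attribute values, so log-derived strings are always rendered as data.
fn escape_html(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    for c in input.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            _ => out.push(c),
        }
    }
    out
}

/// Vulnerable pattern: the Computer value is concatenated into markup as-is.
fn render_row_unsafe(computer: &str, events: u64) -> String {
    format!("<tr><td>{}</td><td>{}</td></tr>", computer, events)
}

/// Hardened pattern: the value is encoded at the point it enters the HTML.
fn render_row_safe(computer: &str, events: u64) -> String {
    format!("<tr><td>{}</td><td>{}</td></tr>", escape_html(computer), events)
}

/// Triage check (assumption: host names use only letters, digits, '-', '.'
/// and '_'). A Computer value that fails it is worth reviewing before the
/// report is opened in a browser.
fn is_plausible_hostname(computer: &str) -> bool {
    !computer.is_empty()
        && computer.len() <= 253
        && computer.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '-' | '.' | '_'))
}

fn main() {
    // Constructed Computer values standing in for fields of a JSON-exported log.
    let samples = ["DC01.corp.example", "<script>alert(1)</script>", "WS-7\" onmouseover=\"x"];
    for s in samples {
        println!("plausible host name: {}", is_plausible_hostname(s));
        println!("  unsafe: {}", render_row_unsafe(s, 3));
        println!("  safe:   {}", render_row_safe(s, 3));
    }
}
```

The encoding step is what stops the value from being interpreted as markup; the host name check only flags records for review and does not replace it.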
NVD CVSS 3.1
5.4
NVD CVSS 4.0
5.1
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026