CVE-2026-25136: Rucio WebUI has a Reflected Cross-site Scripting Vulnerability
(updated )
A reflected Cross-site Scripting vulnerability was located in the rendering of the ExceptionMessage of the WebUI 500 error which could allow attackers to steal login session tokens of users who navigate to a specially crafted URL.
References
- cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
- github.com/advisories/GHSA-h79m-5jjm-jm4q
- github.com/rucio/rucio
- github.com/rucio/rucio/releases/tag/35.8.3
- github.com/rucio/rucio/releases/tag/38.5.4
- github.com/rucio/rucio/releases/tag/39.3.1
- github.com/rucio/rucio/security/advisories/GHSA-h79m-5jjm-jm4q
- nvd.nist.gov/vuln/detail/CVE-2026-25136
Code Behaviors & Features
Detect and mitigate CVE-2026-25136 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →