CVE-2026-38949 Blast Radius

HIGH • CVSS 8.9Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint.

Is Your Infrastructure Using These Packages?

EchelonGraph automatically scans your cloud infrastructure and SBOMs to map your exposure to vulnerabilities like CVE-2026-38949.

Start Free Scan →← Back to CVE-2026-38949