What is GHSA-jqp5-9296-xf42?

GHSA-jqp5-9296-xf42 is a security advisory published by GitHub Security Advisories with Critical severity. Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the...

Which CVE IDs does GHSA-jqp5-9296-xf42 cover?

GHSA-jqp5-9296-xf42 covers the following CVE IDs: CVE-2026-9645. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-jqp5-9296-xf42?

GHSA-jqp5-9296-xf42 has a CVSS v3 base score of 9.9, published by GitHub Security Advisories.

GHSA-jqp5-9296-xf42CriticalCVSS 9.9

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the...

Vendor

GitHub Security Advisories

Published

May 28, 2026

Last Modified

May 28, 2026

🔗 CVE IDs covered (1)

CVE-2026-9645 →

📋 Description

Exposed methods allow authenticated users to create and execute arbitrary JavaScript code on the server. The scripts execute with full access, enabling complete system compromise as commands are executed as root.

🔗 References (3)

https://nvd.nist.gov/vuln/detail/CVE-2026-9645
https://www.tenable.com/security/research/tra-2026-46
https://github.com/advisories/GHSA-jqp5-9296-xf42