blob: 6ce2fda327119b6b368660043cfe8d20e11f21b3 [file]
id: GO-2026-5662
modules:
- module: github.com/prometheus/prometheus
versions:
- fixed: 0.311.2-0.20260410083055-07c6232d159b
non_go_versions:
- introduced: 3.0.0
- fixed: 3.5.2
- introduced: 3.6.0
- fixed: 3.11.2
vulnerable_at: 0.311.1
summary: |-
Prometheus has Stored XSS via metric names and label values in Prometheus web UI
in github.com/prometheus/prometheus
cves:
- CVE-2026-40179
ghsas:
- GHSA-vffh-x6r8-xx99
references:
- advisory: https://github.com/prometheus/prometheus/security/advisories/GHSA-vffh-x6r8-xx99
- fix: https://github.com/prometheus/prometheus/commit/07c6232d159bfb474a077788be184d87adcfac3c
- fix: https://github.com/prometheus/prometheus/pull/18506
source:
id: GHSA-vffh-x6r8-xx99
created: 2026-06-25T15:46:19.777474719-04:00
review_status: REVIEWED