CVE-2026-5301

Published: Apr 8, 2026Modified: Apr 16, 2026

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Stored XSS in log viewer in CoolerControl/coolercontrol-ui <4.0.0 allows unauthenticated attackers to take over the service via malicious JavaScript in poisoned log entries

Affected (1)

Products: Coolercontrol: Coolercontrold

Coolercontrol

1 product

Coolercontrold

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Coolercontrol Coolercontrold	Before 4.0.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (3)

https://gitlab.com/coolercontrol/coolercontrol/-/blob/2.0.0/coolercontrol-ui/src/views/AppInfoView.vue?ref_type=tags#L224

Source: cve@gitlab.com

Product

https://gitlab.com/coolercontrol/coolercontrol/-/blob/3.1.1/coolercontrol-ui/src/views/AppInfoView.vue?ref_type=tags#L350

Source: cve@gitlab.com

Product

https://gitlab.com/coolercontrol/coolercontrol/-/releases/4.0.0

Source: cve@gitlab.com

Release Notes

Timeline

No history available yet.