CVE-2026-13140
Stored Cross-Site Scripting in Canarytokens.org
Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens.
Anonymous exploitation requires knowledge of a random identifier.
This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e.
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
Affected products
Thinkst Applied Research · CanarytokensWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →