← back
CVE-2026-30691

CVE-2026-30691

CVSS 6.1 MEDIUMEPSS 0.3%CWE-79
Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanitize file content and explicitly casts raw data as a ReactNode
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a
public PoCs found1
githubgithub.com/walidriouah/CVE-2026-306910
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/cyntler/react-doc-viewer/issues/317https://github.com/walidriouah/CVE-2026-30691