{
  "threat_severity" : "Moderate",
  "public_date" : "2026-04-23T14:54:32Z",
  "bugzilla" : {
    "description" : "DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization",
    "id" : "2461147",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2461147"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-79",
  "details" : [ "DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBID_TAGS and FORBID_ATTR handling when function-based ADD_TAGS is used. Commit c361baa added an early exit for FORBID_ATTR at line 1214. The same fix was not applied to FORBID_TAGS. At line 1118-1123, when EXTRA_ELEMENT_HANDLING.tagCheck returns true, the short-circuit evaluation skips the FORBID_TAGS check entirely. This allows forbidden elements to survive sanitization with their attributes intact. Version 3.4.0 patches the issue.", "A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and execute arbitrary code in the user's browser, leading to Cross-Site Scripting (XSS)." ],
  "affected_release" : [ {
    "product_name" : "Cryostat 4 on RHEL 9",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:28010",
    "cpe" : "cpe:/a:redhat:cryostat:4::el9",
    "package" : "cryostat/cryostat-openshift-console-plugin-rhel9:4.2.0-10"
  }, {
    "product_name" : "Cryostat 4 on RHEL 9",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:28010",
    "cpe" : "cpe:/a:redhat:cryostat:4::el9",
    "package" : "cryostat/cryostat-rhel9:4.2.0-10"
  }, {
    "product_name" : "Red Hat Data Grid 8.6.1",
    "release_date" : "2026-06-02T00:00:00Z",
    "advisory" : "RHSA-2026:22619",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:8",
    "package" : "dompurify"
  }, {
    "product_name" : "Red Hat Container Native Virtualization 4.14",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27944",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4.14::el9",
    "package" : "container-native-virtualization/kubevirt-console-plugin-rhel9:1781807944"
  }, {
    "product_name" : "Red Hat Container Native Virtualization 4.17",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:28001",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4.17::el9",
    "package" : "container-native-virtualization/kubevirt-console-plugin-rhel9:1781822441"
  }, {
    "product_name" : "Red Hat Container Native Virtualization 4.18",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27875",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4.18::el9",
    "package" : "container-native-virtualization/kubevirt-console-plugin-rhel9:1781808146"
  }, {
    "product_name" : "Red Hat Container Native Virtualization 4.19",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27872",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4.19::el9",
    "package" : "container-native-virtualization/kubevirt-console-plugin-rhel9:1781821991"
  }, {
    "product_name" : "Red Hat Container Native Virtualization 4.20",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27967",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4.20::el9",
    "package" : "container-native-virtualization/kubevirt-console-plugin-rhel9:1781824266"
  }, {
    "product_name" : "Red Hat Container Native Virtualization 4.21",
    "release_date" : "2026-06-22T00:00:00Z",
    "advisory" : "RHSA-2026:27879",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4.21::el9",
    "package" : "container-native-virtualization/kubevirt-console-plugin-rhel9:1781738713"
  }, {
    "product_name" : "Red Hat Developer Hub 1.8",
    "release_date" : "2026-05-27T00:00:00Z",
    "advisory" : "RHSA-2026:21338",
    "cpe" : "cpe:/a:redhat:rhdh:1.8::el9",
    "package" : "rhdh/rhdh-hub-rhel9:1779841586"
  }, {
    "product_name" : "Red Hat OpenShift AI 2.25",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:24977",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9",
    "package" : "rhoai/odh-dashboard-rhel9:1780467029"
  }, {
    "product_name" : "Red Hat OpenShift AI 2.25",
    "release_date" : "2026-06-10T00:00:00Z",
    "advisory" : "RHSA-2026:24977",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9",
    "package" : "rhoai/odh-mod-arch-model-registry-rhel9:1780467147"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces 3.28",
    "release_date" : "2026-05-28T00:00:00Z",
    "advisory" : "RHSA-2026:21772",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.28::el9",
    "package" : "devspaces/code-rhel9:1779814592"
  }, {
    "product_name" : "Red Hat OpenShift Dev Spaces 3.28",
    "release_date" : "2026-05-28T00:00:00Z",
    "advisory" : "RHSA-2026:21772",
    "cpe" : "cpe:/a:redhat:openshift_devspaces:3.28::el9",
    "package" : "devspaces/openvsx-rhel9:1779528224"
  }, {
    "product_name" : "Red Hat OpenShift Service Mesh 2.6",
    "release_date" : "2026-05-12T00:00:00Z",
    "advisory" : "RHSA-2026:16476",
    "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8",
    "package" : "openshift-service-mesh/kiali-ossmc-rhel8:1778191473"
  } ],
  "package_state" : [ {
    "product_name" : "Cryostat 4",
    "fix_state" : "Affected",
    "package_name" : "cryostat-openshift-console-plugin-npm",
    "cpe" : "cpe:/a:redhat:cryostat:4"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Not affected",
    "package_name" : "migration-toolkit-virtualization/mtv-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Migration Toolkit for Virtualization",
    "fix_state" : "Will not fix",
    "package_name" : "mtv-candidate/mtv-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
  }, {
    "product_name" : "Multicluster Engine for Kubernetes",
    "fix_state" : "Not affected",
    "package_name" : "multicluster-engine/console-mce-rhel9",
    "cpe" : "cpe:/a:redhat:multicluster_engine"
  }, {
    "product_name" : "Node HealthCheck Operator",
    "fix_state" : "Not affected",
    "package_name" : "workload-availability/node-healthcheck-must-gather-rhel9",
    "cpe" : "cpe:/a:redhat:workload_availability_nhc:0"
  }, {
    "product_name" : "Node HealthCheck Operator",
    "fix_state" : "Not affected",
    "package_name" : "workload-availability/node-healthcheck-operator-bundle",
    "cpe" : "cpe:/a:redhat:workload_availability_nhc:0"
  }, {
    "product_name" : "Node HealthCheck Operator",
    "fix_state" : "Not affected",
    "package_name" : "workload-availability/node-healthcheck-rhel9-operator",
    "cpe" : "cpe:/a:redhat:workload_availability_nhc:0"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Not affected",
    "package_name" : "openshift-lightspeed/lightspeed-console-plugin-419-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Not affected",
    "package_name" : "openshift-lightspeed/lightspeed-console-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "OpenShift Service Mesh 3",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/kiali-ossmc-rhel9",
    "cpe" : "cpe:/a:redhat:service_mesh:3"
  }, {
    "product_name" : "OpenShift Service Mesh 3",
    "fix_state" : "Not affected",
    "package_name" : "openshift-service-mesh/kiali-rhel9",
    "cpe" : "cpe:/a:redhat:service_mesh:3"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "3scale-amp21/system",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "3scale-amp22/system",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "3scale-amp2/system-rhel7",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Will not fix",
    "package_name" : "3scale-amp2/system-rhel8",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "3scale-amp2/system-rhel9",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4",
    "fix_state" : "Not affected",
    "package_name" : "advanced-cluster-security/rhacs-main-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "ansible-automation-platform-26/gateway-rhel9",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "automation-controller",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "automation-eda-controller",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Not affected",
    "package_name" : "automation-gateway",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat Ansible Automation Platform 2",
    "fix_state" : "Affected",
    "package_name" : "automation-platform-ui",
    "cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
  }, {
    "product_name" : "Red Hat build of Apache Camel - HawtIO 4",
    "fix_state" : "Not affected",
    "package_name" : "dompurify",
    "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 2",
    "fix_state" : "Will not fix",
    "package_name" : "dompurify",
    "cpe" : "cpe:/a:redhat:service_registry:2"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 3",
    "fix_state" : "Affected",
    "package_name" : "apicurio/apicurio-registry-ui-rhel8",
    "cpe" : "cpe:/a:redhat:apicurio_registry:3"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 3",
    "fix_state" : "Affected",
    "package_name" : "apicurio/apicurio-registry-ui-rhel9",
    "cpe" : "cpe:/a:redhat:apicurio_registry:3"
  }, {
    "product_name" : "Red Hat Build of Podman Desktop",
    "fix_state" : "Not affected",
    "package_name" : "rh-podman-desktop.git",
    "cpe" : "cpe:/a:redhat:podman_desktop:1"
  }, {
    "product_name" : "Red Hat Ceph Storage 9",
    "fix_state" : "Affected",
    "package_name" : "rhceph/alloy-rhel10",
    "cpe" : "cpe:/a:redhat:ceph_storage:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "grafana",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Affected",
    "package_name" : "ruff",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-dashboard-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Affected",
    "package_name" : "rhoai/odh-mod-arch-gen-ai-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift AI (RHOAI)",
    "fix_state" : "Not affected",
    "package_name" : "rhoai/odh-mod-arch-maas-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_ai"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift3/ose-console",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift4/ose-console",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift4/ose-console-rhel9",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-monitoring-plugin-rhel9",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Affected",
    "package_name" : "odf4/ocs-client-console-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Affected",
    "package_name" : "odf4/odf-console-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Affected",
    "package_name" : "odf4/odf-console-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Affected",
    "package_name" : "odf4/odf-multicluster-console-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Affected",
    "package_name" : "odf4/odf-multicluster-console-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  }, {
    "product_name" : "Red Hat OpenShift GitOps",
    "fix_state" : "Affected",
    "package_name" : "openshift-gitops-1/argocd-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps",
    "fix_state" : "Affected",
    "package_name" : "openshift-gitops-1/argocd-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1"
  }, {
    "product_name" : "Red Hat OpenShift Virtualization 4",
    "fix_state" : "Not affected",
    "package_name" : "container-native-virtualization/kubevirt-console-plugin",
    "cpe" : "cpe:/a:redhat:container_native_virtualization:4"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Not affected",
    "package_name" : "dompurify",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  }, {
    "product_name" : "Self-service automation portal 2",
    "fix_state" : "Affected",
    "package_name" : "ansible-automation-platform/automation-portal",
    "cpe" : "cpe:/a:redhat:ansible_portal:2"
  }, {
    "product_name" : "streams for Apache Kafka 2",
    "fix_state" : "Affected",
    "package_name" : "dompurify",
    "cpe" : "cpe:/a:redhat:amq_streams:2"
  }, {
    "product_name" : "streams for Apache Kafka 3",
    "fix_state" : "Not affected",
    "package_name" : "dompurify",
    "cpe" : "cpe:/a:redhat:amq_streams:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-41240\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41240\nhttps://github.com/cure53/DOMPurify/commit/c361baa18dbdcb3344a41110f4c48ad85bf48f80\nhttps://github.com/cure53/DOMPurify/releases/tag/3.4.0\nhttps://github.com/cure53/DOMPurify/security/advisories/GHSA-h7mw-gpvr-xq4m" ],
  "name" : "CVE-2026-41240",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}