What is CVE-2026-12812?

CVE-2026-12812 is a low-severity vulnerability in Radware Cyber Controller, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 3.5/10. Published 2026-06-21.

How severe is CVE-2026-12812?

Low severity. CVSS v3 base score is 3.5 out of 10.

XSS in Radware Cyber Controller

CVE-2026-12812

A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is poss…

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Radware Cyber Controller — versions 10.0, 10.1, 10.2

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)
CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

References

cna@vuldb.com (vdb-entry)
cna@vuldb.com (signature, permissions-required)
cna@vuldb.com (third-party-advisory)
cna@vuldb.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-12812?: CVE-2026-12812 is a low-severity vulnerability in Radware Cyber Controller, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 3.5/10. Published 2026-06-21.
How severe is CVE-2026-12812?: Low severity. CVSS v3 base score is 3.5 out of 10.