XSS in Thinkst Applied Research Canarytokens
CVE-2026-13140
Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb…
Vulnerability class: XSS (Cross-Site Scripting)
Affected products
- Thinkst Applied Research Canarytokens — versions sha-4116b92cb, 4116b92cb