XSS in Rucio
CVE-2026-25736
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) v…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.001 (25.9th percentile)
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N.
Affected products
- Rucio, versions:
  - < 35.8.3
  - >= 36.0.0rc1, < 38.5.4
  - >= 39.0.0rc1, < 39.3.1
Weakness classification (CWE)
References
- https://github.com/rucio/rucio/security/advisories/GHSA-fq4f-4738-rqxm (x_refsource_CONFIRM)
- https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html (x_refsource_MISC)
- https://github.com/rucio/rucio/releases/tag/35.8.3 (x_refsource_MISC)
- https://github.com/rucio/rucio/releases/tag/38.5.4 (x_refsource_MISC)
- https://github.com/rucio/rucio/releases/tag/39.3.1 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2026-25736?
  - CVE-2026-25736 is a medium-severity vulnerability in Rucio, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2026-02-25.
- How severe is CVE-2026-25736?
  - Medium severity. CVSS v3 base score is 6.1 out of 10.