What is CVE-2026-27787?

CVE-2026-27787 is a medium-severity vulnerability in Icz Corporation Matcha Sns, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2026-04-08.

How severe is CVE-2026-27787?

Medium severity. CVSS v3 base score is 5.4 out of 10.

XSS in Icz Corporation Matcha Sns

CVE-2026-27787

Cross-site scripting vulnerability exists in MATCHA SNS 1.3.9 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (10.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.4 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N.

Affected products

Icz Corporation Matcha Sns — versions 1.3.9 and earlier

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

oss.icz.co.jp/news/
jvn.jp/en/jp/JVN33581068/

Frequently asked questions

What is CVE-2026-27787?: CVE-2026-27787 is a medium-severity vulnerability in Icz Corporation Matcha Sns, classified under Cross-site Scripting. CVSS score: 5.4/10. Published 2026-04-08.
How severe is CVE-2026-27787?: Medium severity. CVSS v3 base score is 5.4 out of 10.