XSS in Thales Sentinel Ldk Runtime

CVE-2026-3457

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (10.1th percentile) — read the EPSS interpretation.

Affected products

Thales Sentinel Ldk Runtime — versions 0

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

supportportal.thalesgroup.com/csm (vendor-advisory)