XSS in Apache Software Foundation Storm Ui

CVE-2026-35565

Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream nam…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (1.3th percentile) — read the EPSS interpretation.