What is CVE-2026-41200?

CVE-2026-41200 is a vulnerability in Nuwcdivnpt Stig-manager, classified under Cross-site Scripting. Published 2026-04-23.

Is CVE-2026-41200 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Nuwcdivnpt Stig-manager

CVE-2026-41200

STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting (XSS) vulnerability in the OIDC aut…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.001 (21.4th percentile) — read the EPSS interpretation.

Affected products

Nuwcdivnpt Stig-manager — versions >= 1.5.10, < 1.6.8

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

Hunt-Benito/cve-2026-41200-stig-manager-oidc-reflected-xss

References

https://github.com/NUWCDIVNPT/stig-manager/security/advisories/GHSA-wg33-j3rv-jq72 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-41200?: CVE-2026-41200 is a vulnerability in Nuwcdivnpt Stig-manager, classified under Cross-site Scripting. Published 2026-04-23.
Is CVE-2026-41200 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.