What is CVE-2026-42197?

CVE-2026-42197 is a high-severity vulnerability in Inducer Relate, classified under Cross-site Scripting. CVSS score: 8.7/10. Published 2026-05-27.

How severe is CVE-2026-42197?

High severity. CVSS v3 base score is 8.7 out of 10.

XSS in Inducer Relate

CVE-2026-42197

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrat…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (9.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N.

Affected products

Inducer Relate — versions < 555f0efb1c5bd7531c07cd73724d7e566a81f620

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-42197?: CVE-2026-42197 is a high-severity vulnerability in Inducer Relate, classified under Cross-site Scripting. CVSS score: 8.7/10. Published 2026-05-27.
How severe is CVE-2026-42197?: High severity. CVSS v3 base score is 8.7 out of 10.