XSS in Efwgrp Efw4.x
CVE-2026-44259
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the previewServlet serves files with their detected MIME type based on file extension, without any content sanitization or security headers. Files with .html, .htm, or .svg exte…
EPSS: 0.000 (8.8th percentile)
CVSS v3 metric
CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N.
Affected products
- Efwgrp Efw4.x — versions < 4.08.010
Weakness classification (CWE)
- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
References
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-44259?
- CVE-2026-44259 is a medium-severity vulnerability in Efwgrp Efw4.x, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 4.6/10. Published 2026-05-12.
- How severe is CVE-2026-44259?
- Medium severity. CVSS v3 base score is 4.6 out of 10.