What is CVE-2026-46489?

CVE-2026-46489 is a high-severity vulnerability, classified under Cross-site Scripting. CVSS score: 8.1/10. Published 2026-06-11.

How severe is CVE-2026-46489?

High severity. CVSS v3 base score is 8.1 out of 10.

CVE-2026-46489

CVE-2026-46489

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. Thi…

Vulnerability class: XSS (Cross-Site Scripting)

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N.

Weakness classification (CWE)

CWE-79 — Cross-site Scripting
CWE-434 — Unrestricted Upload of File with Dangerous Type

References

security-advisories@github.com
security-advisories@github.com
security-advisories@github.com

Frequently asked questions

What is CVE-2026-46489?: CVE-2026-46489 is a high-severity vulnerability, classified under Cross-site Scripting. CVSS score: 8.1/10. Published 2026-06-11.
How severe is CVE-2026-46489?: High severity. CVSS v3 base score is 8.1 out of 10.