XSS in TinaCMS

CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing…

Vulnerability class: XSS (Cross-Site Scripting)
