XSS in Fpt Software Nightwolf Penetration Testing Platform

CVE-2026-6179

Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows attack trigger and run malicious script in user's browser

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (5.7th percentile) — read the EPSS interpretation.

Affected products

Fpt Software Nightwolf Penetration Testing Platform — versions 2.1.5, 2.1.6

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

bug.report.night-wolf.io/changelogs