CVE-2026-49459Medium· 6.1▾ SunlitDOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM
▾ Sunlit zone — Low / medium · no exploitation signal
impact 33.6 · likelihood 0 · exploitation 0
The latest CVEs are free to read. CVE-2026-49459 is outside the free window — sign in (free) to view the full technical detail, affected versions, references, and raw markdown.