{
"threat_severity" : "Moderate",
"public_date" : "2026-03-03T17:26:06Z",
"bugzilla" : {
"description" : "DOMPurify: DOMPurify: Cross-site scripting vulnerability",
"id" : "2444135",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2444135"
},
"cvss3" : {
"cvss3_base_score" : "6.1",
"cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"status" : "draft"
},
"cwe" : "CWE-79",
"details" : [ "DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like 
in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts.", "A cross site scripting flaw has been discovered in the DOMPurify npm library. This flaw allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts." ],
"package_state" : [ {
"product_name" : "Cryostat 4",
"fix_state" : "Fix deferred",
"package_name" : "io.cryostat-cryostat",
"cpe" : "cpe:/a:redhat:cryostat:4"
}, {
"product_name" : "Migration Toolkit for Virtualization",
"fix_state" : "Fix deferred",
"package_name" : "migration-toolkit-virtualization/mtv-console-plugin-rhel9",
"cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
}, {
"product_name" : "Migration Toolkit for Virtualization",
"fix_state" : "Fix deferred",
"package_name" : "mtv-candidate/mtv-console-plugin-rhel9",
"cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2"
}, {
"product_name" : "Multicluster Engine for Kubernetes",
"fix_state" : "Fix deferred",
"package_name" : "multicluster-engine/console-mce-rhel9",
"cpe" : "cpe:/a:redhat:multicluster_engine"
}, {
"product_name" : "Network Observability Operator",
"fix_state" : "Fix deferred",
"package_name" : "network-observability/network-observability-console-plugin-compat-rhel9",
"cpe" : "cpe:/a:redhat:network_observ_optr:1"
}, {
"product_name" : "Node HealthCheck Operator",
"fix_state" : "Fix deferred",
"package_name" : "workload-availability/node-healthcheck-must-gather-rhel9",
"cpe" : "cpe:/a:redhat:workload_availability_nhc:0"
}, {
"product_name" : "Node HealthCheck Operator",
"fix_state" : "Fix deferred",
"package_name" : "workload-availability/node-healthcheck-operator-bundle",
"cpe" : "cpe:/a:redhat:workload_availability_nhc:0"
}, {
"product_name" : "Node HealthCheck Operator",
"fix_state" : "Fix deferred",
"package_name" : "workload-availability/node-healthcheck-rhel9-operator",
"cpe" : "cpe:/a:redhat:workload_availability_nhc:0"
}, {
"product_name" : "Node HealthCheck Operator",
"fix_state" : "Fix deferred",
"package_name" : "workload-availability/node-remediation-console-rhel9",
"cpe" : "cpe:/a:redhat:workload_availability_nhc:0"
}, {
"product_name" : "OpenShift Pipelines",
"fix_state" : "Fix deferred",
"package_name" : "openshift-pipelines/pipelines-hub-api-rhel8",
"cpe" : "cpe:/a:redhat:openshift_pipelines:1"
}, {
"product_name" : "OpenShift Pipelines",
"fix_state" : "Fix deferred",
"package_name" : "openshift-pipelines/pipelines-hub-db-migration-rhel8",
"cpe" : "cpe:/a:redhat:openshift_pipelines:1"
}, {
"product_name" : "OpenShift Pipelines",
"fix_state" : "Fix deferred",
"package_name" : "openshift-pipelines/pipelines-hub-ui-rhel8",
"cpe" : "cpe:/a:redhat:openshift_pipelines:1"
}, {
"product_name" : "Red Hat 3scale API Management Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "3scale-amp20/system",
"cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
}, {
"product_name" : "Red Hat 3scale API Management Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "3scale-amp21/system",
"cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
}, {
"product_name" : "Red Hat 3scale API Management Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "3scale-amp22/system",
"cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
}, {
"product_name" : "Red Hat 3scale API Management Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "3scale-amp24/system",
"cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
}, {
"product_name" : "Red Hat 3scale API Management Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "3scale-amp25/system",
"cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
}, {
"product_name" : "Red Hat 3scale API Management Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "3scale-amp26/system",
"cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
}, {
"product_name" : "Red Hat 3scale API Management Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "3scale-amp2/system-rhel7",
"cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
}, {
"product_name" : "Red Hat 3scale API Management Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "3scale-amp2/system-rhel8",
"cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
}, {
"product_name" : "Red Hat 3scale API Management Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "3scale-amp2/system-rhel9",
"cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
}, {
"product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
"fix_state" : "Fix deferred",
"package_name" : "rhacm2/console-rhel9",
"cpe" : "cpe:/a:redhat:acm:2"
}, {
"product_name" : "Red Hat Advanced Cluster Security 4",
"fix_state" : "Fix deferred",
"package_name" : "advanced-cluster-security/rhacs-main-rhel8",
"cpe" : "cpe:/a:redhat:advanced_cluster_security:4"
}, {
"product_name" : "Red Hat Ansible Automation Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "ansible-automation-platform-26/gateway-rhel9",
"cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
}, {
"product_name" : "Red Hat Ansible Automation Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "automation-controller",
"cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
}, {
"product_name" : "Red Hat Ansible Automation Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "automation-eda-controller",
"cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
}, {
"product_name" : "Red Hat Ansible Automation Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "automation-gateway",
"cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
}, {
"product_name" : "Red Hat Ansible Automation Platform 2",
"fix_state" : "Fix deferred",
"package_name" : "automation-platform-ui",
"cpe" : "cpe:/a:redhat:ansible_automation_platform:2"
}, {
"product_name" : "Red Hat build of Apache Camel - HawtIO 4",
"fix_state" : "Fix deferred",
"package_name" : "io.hawt-project",
"cpe" : "cpe:/a:redhat:apache_camel_hawtio:4"
}, {
"product_name" : "Red Hat build of Apicurio Registry 2",
"fix_state" : "Fix deferred",
"package_name" : "io.apicurio-apicurio-registry",
"cpe" : "cpe:/a:redhat:service_registry:2"
}, {
"product_name" : "Red Hat Enterprise Linux 10",
"fix_state" : "Fix deferred",
"package_name" : "grafana",
"cpe" : "cpe:/o:redhat:enterprise_linux:10"
}, {
"product_name" : "Red Hat Enterprise Linux 8",
"fix_state" : "Fix deferred",
"package_name" : "grafana",
"cpe" : "cpe:/o:redhat:enterprise_linux:8"
}, {
"product_name" : "Red Hat Enterprise Linux 9",
"fix_state" : "Fix deferred",
"package_name" : "grafana",
"cpe" : "cpe:/o:redhat:enterprise_linux:9"
}, {
"product_name" : "Red Hat OpenShift AI (RHOAI)",
"fix_state" : "Fix deferred",
"package_name" : "rhoai/odh-dashboard-rhel9",
"cpe" : "cpe:/a:redhat:openshift_ai"
}, {
"product_name" : "Red Hat OpenShift AI (RHOAI)",
"fix_state" : "Fix deferred",
"package_name" : "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8",
"cpe" : "cpe:/a:redhat:openshift_ai"
}, {
"product_name" : "Red Hat OpenShift AI (RHOAI)",
"fix_state" : "Fix deferred",
"package_name" : "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8",
"cpe" : "cpe:/a:redhat:openshift_ai"
}, {
"product_name" : "Red Hat OpenShift AI (RHOAI)",
"fix_state" : "Fix deferred",
"package_name" : "rhoai/odh-mod-arch-gen-ai-rhel9",
"cpe" : "cpe:/a:redhat:openshift_ai"
}, {
"product_name" : "Red Hat OpenShift AI (RHOAI)",
"fix_state" : "Fix deferred",
"package_name" : "rhoai/odh-mod-arch-model-registry-rhel9",
"cpe" : "cpe:/a:redhat:openshift_ai"
}, {
"product_name" : "Red Hat OpenShift AI (RHOAI)",
"fix_state" : "Fix deferred",
"package_name" : "rhoai/odh-model-registry-rhel8",
"cpe" : "cpe:/a:redhat:openshift_ai"
}, {
"product_name" : "Red Hat OpenShift Container Platform 4",
"fix_state" : "Fix deferred",
"package_name" : "openshift4/ose-console",
"cpe" : "cpe:/a:redhat:openshift:4"
}, {
"product_name" : "Red Hat OpenShift Container Platform 4",
"fix_state" : "Fix deferred",
"package_name" : "openshift4/ose-console-rhel9",
"cpe" : "cpe:/a:redhat:openshift:4"
}, {
"product_name" : "Red Hat OpenShift Container Platform 4",
"fix_state" : "Fix deferred",
"package_name" : "openshift4/ose-monitoring-plugin-rhel9",
"cpe" : "cpe:/a:redhat:openshift:4"
}, {
"product_name" : "Red Hat Openshift Data Foundation 4",
"fix_state" : "Fix deferred",
"package_name" : "odf4/ocs-client-console-rhel9",
"cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
}, {
"product_name" : "Red Hat Openshift Data Foundation 4",
"fix_state" : "Fix deferred",
"package_name" : "odf4/odf-console-rhel9",
"cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
}, {
"product_name" : "Red Hat Openshift Data Foundation 4",
"fix_state" : "Fix deferred",
"package_name" : "odf4/odf-multicluster-console-rhel9",
"cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
}, {
"product_name" : "Red Hat OpenShift GitOps",
"fix_state" : "Fix deferred",
"package_name" : "openshift-gitops-1/argocd-rhel8",
"cpe" : "cpe:/a:redhat:openshift_gitops:1"
}, {
"product_name" : "Red Hat OpenShift GitOps",
"fix_state" : "Fix deferred",
"package_name" : "openshift-gitops-1/argocd-rhel9",
"cpe" : "cpe:/a:redhat:openshift_gitops:1"
}, {
"product_name" : "Red Hat OpenShift GitOps",
"fix_state" : "Fix deferred",
"package_name" : "openshift-gitops-1/console-plugin-rhel8",
"cpe" : "cpe:/a:redhat:openshift_gitops:1"
}, {
"product_name" : "Red Hat OpenShift Virtualization 4",
"fix_state" : "Fix deferred",
"package_name" : "container-native-virtualization/kubevirt-console-plugin",
"cpe" : "cpe:/a:redhat:container_native_virtualization:4"
}, {
"product_name" : "Red Hat OpenShift Virtualization 4",
"fix_state" : "Fix deferred",
"package_name" : "container-native-virtualization/kubevirt-console-plugin-rhel9",
"cpe" : "cpe:/a:redhat:container_native_virtualization:4"
}, {
"product_name" : "Red Hat Process Automation 7",
"fix_state" : "Fix deferred",
"package_name" : "org.kie-process-migration-service",
"cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
}, {
"product_name" : "Self-service automation portal 2",
"fix_state" : "Fix deferred",
"package_name" : "ansible-automation-platform/automation-portal",
"cpe" : "cpe:/a:redhat:ansible_portal:2"
}, {
"product_name" : "streams for Apache Kafka 2",
"fix_state" : "Fix deferred",
"package_name" : "com.github.streamshub-console",
"cpe" : "cpe:/a:redhat:amq_streams:2"
}, {
"product_name" : "streams for Apache Kafka 3",
"fix_state" : "Fix deferred",
"package_name" : "com.github.streamshub-console",
"cpe" : "cpe:/a:redhat:amq_streams:3"
} ],
"references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-0540\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-0540\nhttps://github.com/cure53/DOMPurify\nhttps://github.com/cure53/DOMPurify/commit/fca0a938b4261ddc9c0293a289935a9029c049f5\nhttps://www.vulncheck.com/advisories/dompurify-xss-via-missing-rawtext-elements-in-safeforxml" ],
"name" : "CVE-2026-0540",
"mitigation" : {
"value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"lang" : "en:us"
},
"csaw" : false
}