LOW · CVE-2026-2946 · CVSS 3.5

CVE-2026-2946: XSS in rymcu forest

Platform

java

Component

rymcu-forest

Fixed in

0.0.2

0.0.3

0.0.4

0.0.5

0.0.6

AI Confidence: high · NVD · EPSS 0.0% · Reviewed: May 2026

CVE-2026-2946 is a cross-site scripting (XSS) vulnerability affecting rymcu forest versions 0.0.1 through 0.0.5. The flaw is in the XssUtils.replaceHtmlCode function, which filters user-supplied HTML for the Article Content, Comments, and Portfolio features; markup that survives the filter is stored and rendered to other users. A public proof-of-concept exploit is available, so exposed instances should be treated as at risk. The vendor has not responded to early disclosure attempts.


Impact and Attack Scenarios

Successful exploitation of CVE-2026-2946 allows an authenticated attacker to store script in content that other users of rymcu forest view. Depending on what the victim's session can reach, this can lead to session hijacking, defacement, redirection to malicious sites, theft of data visible to the victim, or actions performed on the victim's behalf. Note that the CVSS vector records no confidentiality impact (C:N) and only low integrity impact (I:L); the more severe outcomes depend on the victim's privileges and on the application's session and cookie protections. Because a public exploit exists, the risk is higher for instances that are reachable from the internet and have not been remediated.

Exploitation Context

CVE-2026-2946 has been publicly disclosed and a proof-of-concept exploit is available, which lowers the bar for exploitation. The vulnerability is not listed in CISA KEV, and its EPSS score is low (0.03%, 7th percentile), so there is no indication of widespread active exploitation; the public exploit nonetheless makes it a high priority for remediation on any internet-facing instance. The CVE was published on 2026-02-22.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.03% (7% percentile)

CISA SSVC

Exploitation: poc
Automatable: no
Technical Impact: partial

CVSS Vector

THREAT INTELLIGENCE · CVSS 3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
Base score: 3.5 (LOW)

Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required to exploit)
Privileges Required: Low (authentication level needed to attack)
User Interaction: Required (whether a victim must take action)
Scope: Unchanged (impact beyond the vulnerable component)
Confidentiality: None (risk of sensitive data exposure)
Integrity: Low (risk of unauthorized data modification)
Availability: None (risk of service disruption)

The vector also carries temporal metrics: E:P (proof-of-concept exploit), RL:X (remediation level not defined) and RC:R (reasonable report confidence). The 3.5 shown is the base score; applying those temporal metrics gives a temporal score of 3.2.

Source: nextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
Low — any valid user account is sufficient. Basic authenticated access required.
User Interaction
Required — victim must take an action: open a file, click a link, or visit a crafted page.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
None — no confidentiality impact. Attacker cannot read protected data.
Integrity
Low — attacker can modify some data with limited scope or impact.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Component: rymcu-forest
Vendor: rymcu

Affected range      Fixed in
0.0.1 – 0.0.1       0.0.2
0.0.2 – 0.0.2       0.0.3
0.0.3 – 0.0.3       0.0.4
0.0.4 – 0.0.4       0.0.5
0.0.5 – 0.0.5       0.0.6

Each row marks the next release as the fix, but the timeline below records the issue as unpatched and the vendor has not responded to disclosure. Treat every version from 0.0.1 through 0.0.5 as affected and confirm that a release actually contains a fix before relying on it.

Weakness Classification (CWE)

Not listed for this record. Cross-site scripting is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation).

Timeline

  1. Reserved
  2. Published (2026-02-22)
  3. Modified
  4. EPSS updated
Unpatched — 91 days since disclosure

Mitigation and Workarounds

The primary mitigation for CVE-2026-2946 is to upgrade rymcu forest to a version that contains a confirmed fix. Since no vendor-confirmed fix has been published, harden the affected paths yourself: validate user-supplied data and apply context-appropriate output encoding (or an allowlist HTML sanitizer where users legitimately author markup) in the Article Content, Comments, and Portfolio features. Blacklist-style filters that delete known-bad substrings are routinely bypassed and should not be the only control. A Content-Security-Policy that disallows inline script limits what an injected payload can do, and a Web Application Firewall with XSS rules can block common payloads, but both are defense in depth rather than a fix. Scan the application for XSS regularly with automated tools, and after upgrading or applying workarounds, retest the affected areas with the known bypass patterns to confirm the vulnerability is no longer exploitable.
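To make the blacklist-versus-encoding point concrete, the following added example (written for this page, not code from rymcu forest) runs constructed XSS payloads through two filters: a hypothetical `naiveBlacklist` method that stands in for the general strip-known-bad-substrings pattern (it is not the project's `XssUtils.replaceHtmlCode`, whose implementation this page does not show) and a contextual HTML output encoder. The `looksActive` oracle, the payload list and the method names are all assumptions made for the demo.

```java
import java.util.regex.Pattern;

/** Added example for this page; not code from rymcu forest. */
public final class XssFilterDemo {

    // Hypothetical blacklist filter: strips known-bad substrings in one pass.
    // Stand-in for the general pattern, NOT the project's XssUtils.replaceHtmlCode.
    static String naiveBlacklist(String input) {
        String out = input;
        for (String bad : new String[] {"<script", "</script>", "javascript:", "onerror", "onload"}) {
            out = out.replace(bad, ""); // case-sensitive, and the result is never re-scanned
        }
        return out;
    }

    // Contextual output encoding for HTML text and quoted attribute values:
    // every character with HTML meaning becomes an entity, so the input can
    // never introduce a new tag or attribute no matter what it contains.
    static String encodeForHtml(String input) {
        StringBuilder sb = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                case '/':  sb.append("&#x2F;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Demo oracle: does the output still contain a script tag, an event
    // handler attribute inside a tag, or a javascript: URL inside a tag?
    private static final Pattern ACTIVE = Pattern.compile(
            "<\\s*script\\b|<[^>]*\\bon[a-z]+\\s*=|<[^>]*javascript\\s*:",
            Pattern.CASE_INSENSITIVE);

    static boolean looksActive(String rendered) {
        return ACTIVE.matcher(rendered).find();
    }

    public static void main(String[] args) {
        // Constructed payloads of the kind used to bypass substring blacklists.
        String[] payloads = {
            "<script>alert(1)</script>",               // the case the blacklist was written for
            "<scr<scriptipt>alert(1)</script>",       // re-forms "<script" after one removal pass
            "<SCRIPT>alert(1)</SCRIPT>",               // case variation defeats case-sensitive replace
            "<img src=x oneonerrorrror=alert(1)>",    // re-forms "onerror" after removal
            "<svg/onmouseover=alert(1)>",             // handler that is simply not on the list
            "<a href=\"javascript:alert(1)\">x</a>",  // caught by the list
        };
        System.out.printf("%-42s %-10s %-10s%n", "payload", "blacklist", "encoded");
        for (String p : payloads) {
            String afterBlacklist = naiveBlacklist(p);
            String afterEncoding = encodeForHtml(p);
            System.out.printf("%-42s %-10s %-10s%n", p,
                    looksActive(afterBlacklist) ? "BYPASSED" : "blocked",
                    looksActive(afterEncoding) ? "BYPASSED" : "blocked");
        }
    }
}
```

Compile with javac and run: the blacklist column shows four of the six constructed payloads surviving, while the encoded column is blocked for every one. Output encoding is the right control where a field is plain text. Where users legitimately author HTML, as in article bodies or portfolio pages, the replacement for a substring blacklist is a parsing allowlist sanitizer such as the OWASP Java HTML Sanitizer, which rebuilds the markup from a permitted set of tags and attributes instead of deleting known-bad strings.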

How to fix

Update to a release that is confirmed to fix the XSS, once one exists. Because the vendor has not responded to disclosure, plan for the possibility that no fix arrives: either replace the affected features with hardened equivalents (output encoding or allowlist sanitization in the Article Content, Comments and Portfolio paths), restrict who can author content on the instance, or evaluate alternatives to rymcu forest.


Frequently asked questions

What is CVE-2026-2946 — XSS in rymcu forest?

CVE-2026-2946 is a cross-site scripting (XSS) vulnerability in rymcu forest versions 0.0.1–0.0.5, affecting Article Content/Comments/Portfolio. It allows attackers to inject malicious scripts.

Am I affected by CVE-2026-2946 in rymcu forest?

You are affected if you are using rymcu forest versions 0.0.1 through 0.0.5 and have not yet upgraded or implemented mitigating controls.

How do I fix CVE-2026-2946 in rymcu forest?

Upgrade rymcu forest to a patched version (if available). If no patch is available, implement input validation and output encoding, and consider using a WAF.

Is CVE-2026-2946 being actively exploited?

A proof-of-concept exploit is public, which makes exploitation easier, but the CVE is not in CISA KEV and its EPSS score is low (0.03%), so no active exploitation has been confirmed. Monitor your systems closely and prioritize remediation on internet-facing instances.

Where can I find the official rymcu forest advisory for CVE-2026-2946?

Due to the vendor's lack of response, an official advisory may not be available. Monitor security news sources and community forums for updates.
