CVE-2026-10729

UNKNOWN 0.0

HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c42435e before sha-bfda4df, from Git commit c42435e before bfda4df.

CWE	CWE-74
Vendor	thinkst applied research
Product	canarytokens
Published	Jun 3, 2026
Last Updated	Jun 3, 2026

Stay Ahead of the Next One

Get instant alerts for thinkst applied research canarytokens

Be the first to know when new unknown vulnerabilities affecting thinkst applied research canarytokens are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Thinkst Applied Research / Canarytokens

sha-c42435e < sha-bfda4df c42435e < bfda4df

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/thinkst/canarytokens/security/advisories/GHSA-hmjv-pj8j-8fg7

Credits

Gaurav Popalghat