CVE-2025-70296

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.4 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N                                    

Vulnerability Description

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view.

Vulnerability Details

Published Date

February 11, 2026

Last Modified

February 12, 2026

CWE ID

CWE-77

Source

NVD

External References

https://github.com/chrisWalker11/Cves/blob/main/CVE-2025-70296/CVE-2025-70296.md
https://github.com/mealie-recipes/mealie/issues/6690
https://github.com/mealie-recipes/mealie/pull/6743

CVE-2025-70296

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment