CVE-2026-10850

Vulnerability Description

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint.

Vulnerability Details

Published Date

June 17, 2026

Last Modified

June 17, 2026

CWE ID

CWE-79

Source

NVD

Vendor

Plane

Product

Plane

External References

https://fluidattacks.com/es/advisories/earth
https://github.com/makeplane/plane
https://fluidattacks.com/es/advisories/earth

CVE-2026-10850

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment