CVE-2026-12888

Vulnerability Description

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links.

This issue affects Canarytokens: from Docker tag sha-4aef1db90 before sha-8ab4dccd, from Git commit 4aef1db90 before 8ab4dccd.

Vulnerability Details

Published Date

June 22, 2026

Last Modified

June 22, 2026

CWE ID

CWE-74

Source

NVD

Vendor

Thinkst Applied Research

Product

Canarytokens

External References

https://github.com/thinkst/canarytokens/security/advisories/GHSA-vcfc-7466-8q65

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment