{"api_version":"1","generated_at":"2026-07-04T18:54:43+00:00","cve":"CVE-2026-12888","urls":{"html":"https://cve.report/CVE-2026-12888","api":"https://cve.report/api/cve/CVE-2026-12888.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-12888","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-12888"},"summary":{"title":"HTML injection in the Canarytoken Google Chat notification","description":"An HTML injection vulnerability exists in the Google Chat webhook notification  sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links.\n\n\nThis issue affects Canarytokens: from Docker tag sha-4aef1db90 before sha-8ab4dccd, from Git commit 4aef1db90 before 8ab4dccd.","state":"PUBLISHED","assigner":"ThinkstAppliedResearch","published_at":"2026-06-22 14:16:34","updated_at":"2026-06-23 15:42:44"},"problem_types":["CWE-74","CWE-74 CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"],"metrics":[{"version":"4.0","source":"0f2be0ad-3469-4e56-b38f-4eb96719b425","type":"Secondary","score":"2","severity":"LOW","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:L/U:Green","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:L/U:Green","baseScore":2,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}},{"version":"4.0","source":"CNA","type":"CVSS","score":"2","severity":"LOW","vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/AU:N/RE:L/U:Green","data":{"Automatable":"NO","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":2,"baseSeverity":"LOW","exploitMaturity":"PROOF_OF_CONCEPT","privilegesRequired":"NONE","providerUrgency":"GREEN","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/AU:N/RE:L/U:Green","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"LOW"}}],"references":[{"url":"https://github.com/thinkst/canarytokens/security/advisories/GHSA-vcfc-7466-8q65","name":"https://github.com/thinkst/canarytokens/security/advisories/GHSA-vcfc-7466-8q65","refsource":"0f2be0ad-3469-4e56-b38f-4eb96719b425","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-12888","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-12888","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Thinkst Applied Research","product":"Canarytokens","version":"affected sha-4aef1db90 sha-8ab4dccd custom","platforms":[]},{"source":"CNA","vendor":"Thinkst Applied Research","product":"Canarytokens","version":"affected 4aef1db90 8ab4dccd git","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Pull the latest Docker image:\n\n\n$ docker pull thinkst/canarytokens:latest","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"GitHub.com/geo-chen","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"12888","cve":"CVE-2026-12888","epss":"0.002860000","percentile":"0.203290000","score_date":"2026-06-28","updated_at":"2026-06-29 00:14:19"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-12888","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-22T15:42:24.249954Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-22T15:42:35.858Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Canarytokens","vendor":"Thinkst Applied Research","versions":[{"lessThan":"sha-8ab4dccd","status":"affected","version":"sha-4aef1db90","versionType":"custom"},{"lessThan":"8ab4dccd","status":"affected","version":"4aef1db90","versionType":"git"}]}],"credits":[{"lang":"en","type":"finder","value":"GitHub.com/geo-chen"}],"datePublic":"2026-06-22T11:13:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An HTML injection vulnerability exists in the Google Chat webhook notification&nbsp; sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links.<div><br><p>This issue affects Canarytokens: from Docker tag sha-4aef1db90 before sha-8ab4dccd, from Git commit 4aef1db90 before 8ab4dccd.</p></div>"}],"value":"An HTML injection vulnerability exists in the Google Chat webhook notification  sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links.\n\n\nThis issue affects Canarytokens: from Docker tag sha-4aef1db90 before sha-8ab4dccd, from Git commit 4aef1db90 before 8ab4dccd."}],"impacts":[{"capecId":"CAPEC-113","descriptions":[{"lang":"en","value":"CAPEC-113 Interface Manipulation"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NO","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":2,"baseSeverity":"LOW","exploitMaturity":"PROOF_OF_CONCEPT","privilegesRequired":"NONE","providerUrgency":"GREEN","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","userInteraction":"ACTIVE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/AU:N/RE:L/U:Green","version":"4.0","vulnAvailabilityImpact":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"LOW"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-74","description":"CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-22T13:05:53.827Z","orgId":"0f2be0ad-3469-4e56-b38f-4eb96719b425","shortName":"ThinkstAppliedResearch"},"references":[{"url":"https://github.com/thinkst/canarytokens/security/advisories/GHSA-vcfc-7466-8q65"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Pull the latest Docker image:<div><br></div><div><code>$&nbsp;docker pull thinkst/canarytokens:latest</code></div>"}],"value":"Pull the latest Docker image:\n\n\n$ docker pull thinkst/canarytokens:latest"}],"source":{"discovery":"UNKNOWN"},"title":"HTML injection in the Canarytoken Google Chat notification","x_generator":{"engine":"Vulnogram 1.0.2"}}},"cveMetadata":{"assignerOrgId":"0f2be0ad-3469-4e56-b38f-4eb96719b425","assignerShortName":"ThinkstAppliedResearch","cveId":"CVE-2026-12888","datePublished":"2026-06-22T13:05:53.827Z","dateReserved":"2026-06-22T10:56:11.962Z","dateUpdated":"2026-06-22T15:42:35.858Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-22 14:16:34","lastModifiedDate":"2026-06-23 15:42:44","problem_types":["CWE-74","CWE-74 CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"],"metrics":{"cvssMetricV40":[{"source":"0f2be0ad-3469-4e56-b38f-4eb96719b425","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:L/U:Green","baseScore":2,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"LOW","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"LOW","providerUrgency":"GREEN"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-22T15:42:24.249954Z","id":"CVE-2026-12888","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"12888","Ordinal":"1","Title":"HTML injection in the Canarytoken Google Chat notification","CVE":"CVE-2026-12888","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"12888","Ordinal":"1","NoteData":"An HTML injection vulnerability exists in the Google Chat webhook notification  sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links.\n\n\nThis issue affects Canarytokens: from Docker tag sha-4aef1db90 before sha-8ab4dccd, from Git commit 4aef1db90 before 8ab4dccd.","Type":"Description","Title":"HTML injection in the Canarytoken Google Chat notification"}]}}}