CVE-2026-29048 — MEDIUM (6.1)

Vulnerability Description

HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the context of the user's browser. This issue has been patched in version 1.18.1.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Humhub	Humhub	1.18.0

Related Weaknesses (CWE)

CWE-79

References

https://github.com/humhub/humhub/commit/bd06ab4c75f6c65295ee3e1ce3643437e8f9d10aPatch
https://github.com/humhub/humhub/pull/8039Issue TrackingPatch
https://github.com/humhub/humhub/releases/tag/v1.18.1ProductRelease Notes
https://github.com/humhub/humhub/security/advisories/GHSA-qxjh-478x-23gmVendor Advisory

FAQ

What is CVE-2026-29048?

CVE-2026-29048 is a vulnerability with a CVSS score of 6.1 (MEDIUM). HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encodin...

How severe is CVE-2026-29048?

CVE-2026-29048 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-29048?

Check the references section above for vendor advisories and patch information. Affected products include: Humhub Humhub.