CVE-2026-50766

Vulnerability Description

A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inject arbitrary web scripts via the item public notes field (items.itemnotes).

References

http://koha.com
https://lgnas.gitbook.io/findings/cve-2026-50766

FAQ

What is CVE-2026-50766?

CVE-2026-50766 is a documented vulnerability. A stored cross-site scripting (XSS) vulnerability in the OPAC item detail page of Koha Library Management System through 25.11 allows an authenticated remote attacker with edit_items permission to inj...

How severe is CVE-2026-50766?

CVSS scoring is not yet available for CVE-2026-50766. Check NVD for updates.

Is there a patch for CVE-2026-50766?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.