CVE-2026-24050

Severity CVSS v4.0:

LOW

Type:

CWE-79 Cross-Site Scripting (XSS)

Publication date:

06/02/2026

Last modified:

06/02/2026

Description

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This vulnerability is fixed in 11.5.

Impact

Vector 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U CVSS v4.0 Severity and Metrics:

Base Score: 1.10 LOW
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U

Attack Vector (AV): Network
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): High
User Interaction (UI): Passsive
Confidentiality (VC): None
Integrity (VI): None
Availability (VA): None
Confidentiality (SC): Low
Integrity (SI): Low
Availability (SA): None
Exploit Maturity (E): Unreported

Base Score 4.0

1.10

Severity 4.0

LOW

CVE-2026-24050

Description

Impact

References to Advisories, Solutions, and Tools