Vulnerability Details CVE-2026-10850
Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the description_html field when creating an intake work item through the API v1 intake endpoint.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 15.2%
CVSS Severity
CVSS v3 Score 5.4
References