Vulnerability Details CVE-2026-13083
A flaw was found in the Pen Drive report generator. Cluster-sourced data is rendered into HTML reports without proper escaping or sanitization. An attacker with cluster administrator privileges can inject a stored cross-site scripting (XSS) payload into cluster objects (such as ClusterVersion spec.channel) that executes in the browser of any user who opens the generated HTML report.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 7.3%
CVSS Severity
CVSS v3 Score 6.9
Products affected by CVE-2026-13083
-
cpe:2.3:a:redhat:pen_drive:*