Description
An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation and Cross-Site Scripting (XSS) in email clients that render HTML emails.


This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from Git commit c0f3cf142 before 08c3f93d.
Published: 2026-06-10
Score: 2 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An HTML injection flaw exists in the "fetch links" email generated by Thinkst Applied Research Canarytokens. Content that reaches this email is not neutralized before being placed in the HTML body (CWE-74), so an actor who can influence that content can insert arbitrary markup into the message delivered to the recipient. Any email client that renders HTML will display the injected markup as part of the message, which permits manipulation of the message as the user sees it and, in clients that execute active content, cross-site scripting.
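The following is an added illustration of the bug class described above (CWE-74 in an HTML notification email); it is not Canarytokens' own code, and the template, field names and URLs are hypothetical. A notification body is built from a string the sender does not fully control (here a token "memo"). The vulnerable builder interpolates it raw, the hardened builder HTML-escapes every untrusted value first, and a small checker reports any markup in the finished body that the template did not emit itself, which is the kind of assertion a test suite for such a template should carry.

```python
"""Added illustration of HTML injection in an email body (not Canarytokens' code).

Hypothetical template and values; the sample memo below is constructed to
carry an inline event handler and a second link.
"""
import html
import re
from collections import Counter

# Constructed sample inputs (assumptions, not data from the advisory).
MALICIOUS_MEMO = (
    'Finance share <img src=x onerror="alert(document.domain)">'
    '<a href="https://example.invalid/login">Re-authenticate here</a>'
)
BENIGN_MEMO = "Finance share (Q2 reports)"
MANAGE_URL = "https://canarytokens.example/manage?token=abc"

# Hypothetical "fetch links" style template: one bold memo, one manage link.
TEMPLATE = (
    "<html><body>"
    "<p>Your Canarytoken <b>{memo}</b> was triggered.</p>"
    '<p><a href="{manage_url}">Manage this token</a></p>'
    "</body></html>"
)


def build_email_vulnerable(memo: str, manage_url: str) -> str:
    """Raw interpolation (CWE-74): any markup inside memo becomes part of the
    HTML document the recipient's client renders."""
    return TEMPLATE.format(memo=memo, manage_url=manage_url)


def build_email_hardened(memo: str, manage_url: str) -> str:
    """Escape every untrusted value. quote=True also escapes ' and ", so the
    same helper is safe for values placed inside attributes."""
    return TEMPLATE.format(
        memo=html.escape(memo, quote=True),
        manage_url=html.escape(manage_url, quote=True),
    )


# Opening tags only (closing tags start with "</" and are skipped).
OPEN_TAG_RE = re.compile(r"<\s*([a-zA-Z][a-zA-Z0-9]*)([^>]*)>")
# Inline event handler attribute, checked only inside a tag's attribute text
# so that escaped text such as "onerror=&quot;" in a body is not flagged.
EVENT_ATTR_RE = re.compile(r"\son[a-z]+\s*=", re.IGNORECASE)
# Opening tags the template itself emits, and how many of each.
TEMPLATE_TAG_COUNTS = Counter({"html": 1, "body": 1, "p": 2, "b": 1, "a": 1})


def injected_markup(body: str) -> list[str]:
    """Return findings for markup the template did not produce: a tag that
    appears more often than the template emits it ("<name>:extra"), or any
    tag carrying an on*= handler ("<name>:event-handler"). Empty list means
    only the template's own markup reached the client."""
    findings = []
    seen = Counter()
    for match in OPEN_TAG_RE.finditer(body):
        name = match.group(1).lower()
        seen[name] += 1
        if EVENT_ATTR_RE.search(match.group(2)):
            findings.append(f"{name}:event-handler")
    for name, count in seen.items():
        if count > TEMPLATE_TAG_COUNTS.get(name, 0):
            findings.append(f"{name}:extra")
    return sorted(findings)


if __name__ == "__main__":
    for label, builder in (("vulnerable", build_email_vulnerable),
                           ("hardened", build_email_hardened)):
        body = builder(MALICIOUS_MEMO, MANAGE_URL)
        print(f"{label}: injected markup = {injected_markup(body)}")
```

The checker is deliberately template-specific: it knows exactly which tags the template emits, so anything beyond that count is attributed to the interpolated values. That is a cheaper and more robust regression test than trying to enumerate dangerous tags, and it is the same property the hardened builder guarantees by escaping at the point of interpolation.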

Affected Systems

Affected builds are those from Docker tag sha-c0f3cf142 up to but not including sha-08c3f93d, or equivalently from Git commit c0f3cf142 up to but not including 08c3f93d. Builds at or after 08c3f93d contain the fix. Both the published Docker image and self-built deployments of Thinkst Applied Research Canarytokens from the affected commit range are in scope.

Risk and Exploitability

The CVSS v4.0 score of 2 indicates a low-severity vulnerability: the vector records no confidentiality, integrity or availability impact on the Canarytokens system itself (VC:N/VI:N/VA:N) and only a low integrity impact on a subsequent system (SI:L), namely the recipient's mail client, with active user interaction required (UI:A). The EPSS score of 0.00047 and the absence of this weakness from CISA's KEV catalog suggest little exploitation activity. The flaw is nonetheless exploitable by anyone who can influence the content of the "fetch links" email and whose target opens it in a client that renders HTML.

Generated by OpenCVE AI on June 10, 2026 at 14:56 UTC.

Remediation

Vendor Solution

Pull the latest Docker image: $ docker pull thinkst/canarytokens:latest


OpenCVE Recommended Actions

  • Pull the latest Canarytokens Docker image from thinkst/canarytokens:latest
  • Deploy the updated image to replace any older tags that contain the vulnerability
  • Update all deployment manifests and orchestration files to reference the latest image tag and remove any pinned references to tags in the affected range (sha-c0f3cf142 up to, but not including, sha-08c3f93d)

Generated by OpenCVE AI on June 10, 2026 at 14:56 UTC.


Advisories

No advisories yet.

History

Wed, 10 Jun 2026 16:30:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 10 Jun 2026 13:30:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Thinkst Applied Research; Thinkst Applied Research canarytokens

Type: Vendors & Products
Values Removed: (none)
Values Added: Thinkst Applied Research; Thinkst Applied Research canarytokens

Wed, 10 Jun 2026 12:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation and Cross-Site Scripting (XSS) in email clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from Git commit c0f3cf142 before 08c3f93d.

Type: Title
Values Removed: (none)
Values Added: HTML injection in the Canarytoken links email

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-74

Type: References
Values Removed: (none)
Values Added: (none)

Type: Metrics (cvssV4_0)
Values Removed: (none)
Values Added: {'score': 2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:P/AU:N/RE:L/U:Green'}


Subscriptions

Thinkst Applied Research Canarytokens
MITRE

Status: PUBLISHED

Assigner: ThinkstAppliedResearch

Published:

Updated: 2026-06-10T14:38:21.778Z

Reserved: 2026-06-10T10:35:44.979Z

Link: CVE-2026-11859

Vulnrichment

Updated: 2026-06-10T14:36:45.569Z

NVD

Status: Awaiting Analysis

Published: 2026-06-10T12:16:25.067

Modified: 2026-06-10T20:13:47.847

Link: CVE-2026-11859

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-10T15:00:13Z

Weaknesses
  • CWE-74

    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')