Description
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the Computer field of JSON logs that executes in the forensic examiner's browser session when viewing the generated HTML report, leading to information disclosure or code execution.
Published: 2026-04-08
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting
Action: Immediate Patch
AI Analysis

Impact

Hayabusa versions older than 3.8.0 contain an XSS flaw in the HTML report that enables an attacker to inject malicious JavaScript into the Computer field of JSON‑exported logs. When a forensic examiner views the generated report, the injected script runs in the browser, potentially disclosing sensitive data or performing unauthorized actions. The vulnerability is classified as CWE‑79 and is a classic reflected XSS scenario.

Affected Systems

The affected product is Hayabusa, released by Yamato‑Security. All versions lower than 3.8.0 are vulnerable; any installation that has not upgraded to at least 3.8.0 is at risk.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity; the exploit probability score is unavailable and it is not listed in the CISA KEV catalog. The attack vector is inferred to be through the web interface where users load and view JSON logs—an attacker must supply a crafted log file, and the victim must open the resulting HTML report. Attack requires user interaction but poses a real risk of data disclosure or session hijacking for the examiner.

Generated by OpenCVE AI on April 8, 2026 at 22:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Hayabusa to version 3.8.0 or later, which removes the XSS entry point.
  • If immediate updating is not possible, limit JSON log import privileges to trusted users only and apply client‑side validation to cleanse the Computer field.
  • Disable the HTML report generation feature until the product is patched, preventing exploitation via the report.
  • Continuously monitor for XSS injection attempts in logged data and review browser console for unexpected script execution.

Generated by OpenCVE AI on April 8, 2026 at 22:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 17 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:yamato-security:hayabusa:*:*:*:*:*:*:*:*

Sat, 11 Apr 2026 03:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Apr 2026 08:30:00 +0000

Type Values Removed Values Added
First Time appeared Yamato-security
Yamato-security hayabusa
Vendors & Products Yamato-security
Yamato-security hayabusa

Wed, 08 Apr 2026 21:45:00 +0000

Type Values Removed Values Added
Description Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the Computer field of JSON logs that executes in the forensic examiner's browser session when viewing the generated HTML report, leading to information disclosure or code execution.
Title Hayabusa < 3.8.0 XSS via JSON Log Import
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


Subscriptions

Yamato-security Hayabusa
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-11T03:04:53.201Z

Reserved: 2026-04-08T13:36:47.863Z

Link: CVE-2026-40028

cve-icon Vulnrichment

Updated: 2026-04-11T03:04:48.535Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-08T22:16:23.137

Modified: 2026-06-17T10:44:37.703

Link: CVE-2026-40028

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:25:54Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')