By combining AI with human insight, Armis Vulnerability Intelligence Database offers extended coverage for vulnerabilities that matter to you, your industry, and provides you with clear remediation instructions.
Loading CVE list…
CVE Name
Severity Score
Published Date
CISA KEV
Take These Insights to the Next Level
Armis now offers direct API access to Armis Vulnerability Intelligence Database through the AWS Marketplace, transforming it from a powerful research tool into an integrated component of your proactive security posture.
Seamless Integration: Directly feed Armis's contextual data into your existing stack.
Automated Workflows: Automate vulnerability lookups in real-time.
Custom Solutions: Use the raw data to build custom dashboards, reports, alerts.
See everything.Identify true risk.Proactively mitigate threats.Book a Demo
Let's talk!
CVE-2026-41067:
Loading CVE details…
CVE-2026-41067 | Medium Severity | Armis
, , or and inject arbitrary HTML/JavaScript. This vulnerability is fixed in 6.1.6.","articleBody":"Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex /<\\/script>/g to sanitize values injected into inline , , or and inject arbitrary HTML/JavaScript. This vulnerability is fixed in 6.1.6.","datePublished":"2026-04-24T17:16:21.000Z","dateModified":"2026-05-13T09:04:46.204Z","keywords":"Medium, 2026, CVE, vulnerability, cybersecurity, CVSS","url":"https://cve.armis.com/CVE-2026-41067","author":{"@type":"Organization","name":"Armis","url":"https://www.armis.com"},"publisher":{"@type":"Organization","name":"Armis","url":"https://www.armis.com"},"license":"https://creativecommons.org/licenses/by-nc-sa/4.0/","isBasedOn":{"@type":"WebPage","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41067","name":"NVD CVE-2026-41067"},"additionalProperty":[{"@type":"PropertyValue","name":"CVSS Score","value":"6.1"},{"@type":"PropertyValue","name":"Severity","value":"Medium"},{"@type":"PropertyValue","name":"EPSS Score","value":"0.04%"},{"@type":"PropertyValue","name":"EPSS Percentile","value":"11th"},{"@type":"PropertyValue","name":"Attack Vector","value":"NETWORK"},{"@type":"PropertyValue","name":"Attack Complexity","value":"LOW"},{"@type":"PropertyValue","name":"Privileges Required","value":"NONE"},{"@type":"PropertyValue","name":"User Interaction","value":"REQUIRED"},{"@type":"PropertyValue","name":"Scope","value":"CHANGED"},{"@type":"PropertyValue","name":"Confidentiality Impact","value":"LOW"},{"@type":"PropertyValue","name":"Integrity Impact","value":"LOW"},{"@type":"PropertyValue","name":"Availability Impact","value":"NONE"}]},{"@context":"https://schema.org","@type":"FAQPage","mainEntity":[{"@type":"Question","name":"What is CVE-2026-41067?","acceptedAnswer":{"@type":"Answer","text":"Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex /<\\/script>/g to sanitize values injected into inline , , or and inject arbitrary HTML/JavaScript. This vulnerability is fixed in 6.1.6."}},{"@type":"Question","name":"How severe is CVE-2026-41067?","acceptedAnswer":{"@type":"Answer","text":"CVE-2026-41067 has a CVSS score of 6.1 (Medium severity). EPSS score: 0.04% (11th percentile), indicating the estimated probability of exploitation in the wild."}}]},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://cve.armis.com/"},{"@type":"ListItem","position":2,"name":"CVE-2026-41067","item":"https://cve.armis.com/CVE-2026-41067"}]}]
CVE-2026-41067:
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex /</script>/g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing >, allowing an attacker to bypass the sanitization with payloads like , , or </script/> and inject arbitrary HTML/JavaScript. This vulnerability is fixed in 6.1.6.
Score
A numerical rating that indicates how dangerous this vulnerability is.
6.1Medium
Published Date:Apr 24, 2026
CISA KEV Date:*No Data*
Industries Affected:20
Threat Predictions
EPSS Score:0.0
EPSS Percentile:11%
Exploitability
Score:2.8
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:NONE
User Interaction:REQUIRED
Scope:CHANGED
Impact
Score:2.7
Confidentiality Impact:LOW
Integrity Impact:LOW
Availability Impact:NONE
Description Preview
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex /</script>/g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace or / before the closing >, allowing an attacker to bypass the sanitization with payloads like , , or </script/> and inject arbitrary HTML/JavaScript. This vulnerability is fixed in 6.1.6.
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
Low
Mining
Utilities
Information
Construction
Retail Trade
Manufacturing
Wholesale Trade
Educational Services
Finance and Insurance
Public Administration
Real Estate Rental and Leasing
Transportation and Warehousing
Accommodation and Food Services
Health Care and Social Assistance
Arts, Entertainment, and Recreation
Management of Companies and Enterprises
Agriculture, Forestry, Fishing and Hunting
Other Services (except Public Administration)
Professional, Scientific, and Technical Services
Administrative and Support and Waste Management and Remediation Services
