Product
A high-severity stored cross-site scripting (XSS) vulnerability, tracked as CVE-2026-54087, exists in EasyAdmin Bundle versions >= 5.0.0 and < 5.0.13, allowing attackers to upload malicious HTML or SVG files containing JavaScript which executes in an administrator's session when viewed in the backend, leading to session/CSRF token theft and privilege escalation.