{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-5301/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.6,"id":"CVE-2026-5301"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["xss","cve-2026-5301","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCoolerControl/coolercontrol-ui versions prior to 4.0.0 are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2026-5301. This flaw resides in the log viewer component of the application. Unauthenticated attackers can exploit this vulnerability by injecting malicious JavaScript code into log entries. When a user views the log entries containing the malicious script, the script executes within their browser, potentially allowing the attacker to take over the CoolerControl service. The vulnerability was reported by GitLab Inc. and affects versions prior to the release of version 4.0.0. This is a high severity vulnerability because it allows unauthenticated attackers to perform actions as other users in the application.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a CoolerControl/coolercontrol-ui instance running a version prior to 4.0.0.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious log entry containing JavaScript code designed to execute arbitrary actions within a user\u0026rsquo;s session, such as stealing cookies or redirecting to a phishing site.\u003c/li\u003e\n\u003cli\u003eThe attacker injects this malicious log entry into the CoolerControl/coolercontrol-ui system. The method of injection is not specified in the source but could involve exploiting other vulnerabilities or misconfigurations in the system.\u003c/li\u003e\n\u003cli\u003eA user, such as an administrator, accesses the log viewer within the CoolerControl/coolercontrol-ui interface.\u003c/li\u003e\n\u003cli\u003eThe log viewer renders the malicious log entry, causing the injected JavaScript code to execute in the user\u0026rsquo;s browser.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the user\u0026rsquo;s session or performs other malicious actions, such as stealing credentials or injecting further malicious content into the application.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the compromised session to potentially escalate privileges and gain complete control over the CoolerControl service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-5301 can lead to a complete compromise of the CoolerControl service. An attacker could gain unauthorized access to sensitive data, modify system configurations, or use the compromised system as a launchpad for further attacks. Given the nature of XSS vulnerabilities, impact is highly dependent on the privileges of the user whose session is compromised.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade CoolerControl/coolercontrol-ui to version 4.0.0 or later to remediate CVE-2026-5301.\u003c/li\u003e\n\u003cli\u003eImplement input validation and output encoding on all log entries to prevent the injection of malicious scripts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect potential exploitation attempts by monitoring for script execution in the context of the CoolerControl/coolercontrol-ui web application.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-08T13:16:43Z","date_published":"2026-04-08T13:16:43Z","id":"/briefs/2026-04-coolercontrol-xss/","summary":"Unauthenticated attackers can perform a stored XSS attack against CoolerControl/coolercontrol-ui versions less than 4.0.0 by injecting malicious JavaScript into log entries, leading to potential service takeover.","title":"CoolerControl-UI Stored XSS Vulnerability (CVE-2026-5301)","url":"https://feed.craftedsignal.io/briefs/2026-04-coolercontrol-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-5301","version":"https://jsonfeed.org/version/1.1"}