CVE-2026-28499
EUVD-2026-1269618.03.2026, 02:16
LeafKit is a templating language with Swift-inspired syntax. Prior to version 1.14.2, HTML escaping doesn't work correctly when a template prints a collection (Array / Dictionary) via `#(value)`. This can result in XSS, allowing potentially untrusted input to be rendered unescaped. Version 1.14.2 fixes the issue.
Awaiting analysis
This vulnerability is currently awaiting analysis.