🔴 Critical Vulnerability: CVE-2026-12048 | Vulnios Threat Alert

Vulnerability Snapshot

CVE-2026-12048 is rated CRITICAL — exploitation is trivial or already observed in the wild and impact is severe. Patch immediately, not on the next maintenance window.

Executive Summary

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields) was passed verbatim through html-react-parser at every user-facing sink — the notifier toasts, FormFooterMessage / FormInput help and error areas, FormNote, ModalProvider AlertContent and confirmDelete, ToolErrorView, the Explain visualiser's NodeText panel, the SQL editor confirm dialogs, ConfirmSaveContent, PreferencesHelper modal alerts, and SelectThemes helper text. A PostgreSQL server an attacker controls — or any server returning attacker-influenced text such as a table or column name a low-privilege database user can create — could inject arbitrary HTML (including ) into the pgAdmin DOM the moment the victim's pgAdmin connected to that server or viewed an Explain plan that referenced the cra</p></div></section><section class="mb-10"><h2 class="text-xl font-bold text-foreground mb-4 flex items-center gap-2"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-triangle-alert h-5 w-5 text-orange-400" aria-hidden="true"><path d="m21.73 18-8-14a2 2 0 0 0-3.48 0l-8 14A2 2 0 0 0 4 21h16a2 2 0 0 0 1.73-3"></path><path d="M12 9v4"></path><path d="M12 17h.01"></path></svg>Why It Matters</h2><div class="blog-content prose-invert"><p class="blog-p"><strong>CVE-2026-12048</strong> is rated <strong>CRITICAL</strong> severity, requiring immediate attention from security teams.</p> <p class="blog-p">CVSS Base Score: <strong>9.3/10</strong></p></div></section><section class="mb-10"><h2 class="text-xl font-bold text-foreground mb-4 flex items-center gap-2"><span class="text-xl">🛡️</span>What Defenders Should Check</h2><div class="blog-content prose-invert"><li class="blog-li-ordered"><strong>Check if you are affected</strong> — Review your asset inventory for products listed in CVE-2026-12048.</li> <li class="blog-li-ordered"><strong>Apply available patches</strong> — Visit vendor advisories for the latest security updates.</li> <li class="blog-li-ordered"><strong>Monitor for exploitation</strong> — Check your SIEM/IDS logs for related indicators.</li> <p class="blog-p">Use <a href="https://vulnios.com/sign-up?utm_source=threat-post&utm_medium=inline-cta" class="blog-link" target="_blank" rel="noopener noreferrer">Vulnios</a> to continuously monitor your exposure to CVE-2026-12048 and similar vulnerabilities.</p></div></section><section class="mb-10"><h2 class="text-xl font-bold text-foreground mb-4 flex items-center gap-2"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-external-link h-5 w-5 text-muted-foreground" aria-hidden="true"><path d="M15 3h6v6"></path><path d="M10 14 21 3"></path><path d="M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6"></path></svg>References & Sources</h2><div class="blog-content prose-invert"><li class="blog-li"><a href="https://github.com/pgadmin-org/pgadmin4/commit/9e370d3cb67b83b3945f82969c959fad3f926517" class="blog-link" target="_blank" rel="noopener noreferrer">https://github.com/pgadmin-org/pgadmin4/commit/9e370d3cb67b83b3945f82969c959fad3f926517</a></li> <li class="blog-li"><a href="https://github.com/pgadmin-org/pgadmin4/issues/10068" class="blog-link" target="_blank" rel="noopener noreferrer">https://github.com/pgadmin-org/pgadmin4/issues/10068</a></li></div></section><section class="mb-10"><h2 class="text-xl font-bold text-foreground mb-4 flex items-center gap-2"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-shield h-5 w-5 text-emerald-400" aria-hidden="true"><path d="M20 13c0 5-3.5 7.5-7.66 8.95a1 1 0 0 1-.67-.01C7.5 20.5 4 18 4 13V6a1 1 0 0 1 1-1c2 0 4.5-1.2 6.24-2.72a1.17 1.17 0 0 1 1.52 0C14.51 3.81 17 5 19 5a1 1 0 0 1 1 1z"></path></svg>How Vulnios Detects This</h2><div class="blog-content prose-invert"><p class="blog-p">Vulnios scans for this vulnerability using <strong>Trivy</strong> and <strong>Grype</strong> for SBOM-based CVE matching and <strong>Vulnios CVE feed</strong> continuous monitoring against your asset inventory. Run a scan against your environment to see whether you are exposed; findings are linked back to the original CVE record so triage starts with the patch path already known.</p></div></section><div class="mb-10"><div class="p-5 rounded-xl border border-violet-500/20 bg-gradient-to-br from-violet-500/[0.04] to-violet-900/[0.08]"><div class="flex items-center justify-between mb-3"><div class="flex items-center gap-2"><div class="w-8 h-8 rounded-lg bg-violet-500/10 flex items-center justify-center"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-sparkles w-4 h-4 text-violet-400" aria-hidden="true"><path d="M11.017 2.814a1 1 0 0 1 1.966 0l1.051 5.558a2 2 0 0 0 1.594 1.594l5.558 1.051a1 1 0 0 1 0 1.966l-5.558 1.051a2 2 0 0 0-1.594 1.594l-1.051 5.558a1 1 0 0 1-1.966 0l-1.051-5.558a2 2 0 0 0-1.594-1.594l-5.558-1.051a1 1 0 0 1 0-1.966l5.558-1.051a2 2 0 0 0 1.594-1.594z"></path><path d="M20 2v4"></path><path d="M22 4h-4"></path><circle cx="4" cy="20" r="2"></circle></svg></div><div><h3 class="text-sm font-semibold text-foreground">AI Security Advisor</h3><p class="text-[10px] text-muted-foreground/60">Powered by Gemini</p></div></div></div><p class="text-xs text-muted-foreground mb-4">Get AI-powered security recommendations tailored to this specific threat — including risk assessment, detection guidance, MITRE ATT&CK mapping, and actionable remediation steps.</p><button class="w-full inline-flex items-center justify-center gap-2 px-4 py-2.5 rounded-lg text-sm font-medium bg-violet-500/10 text-violet-300 border border-violet-500/20 hover:bg-violet-500/20 hover:text-violet-200 transition-all disabled:opacity-50 disabled:cursor-wait"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-sparkles w-4 h-4" aria-hidden="true"><path d="M11.017 2.814a1 1 0 0 1 1.966 0l1.051 5.558a2 2 0 0 0 1.594 1.594l5.558 1.051a1 1 0 0 1 0 1.966l-5.558 1.051a2 2 0 0 0-1.594 1.594l-1.051 5.558a1 1 0 0 1-1.966 0l-1.051-5.558a2 2 0 0 0-1.594-1.594l-5.558-1.051a1 1 0 0 1 0-1.966l5.558-1.051a2 2 0 0 0 1.594-1.594z"></path><path d="M20 2v4"></path><path d="M22 4h-4"></path><circle cx="4" cy="20" r="2"></circle></svg>Get AI Recommendations</button></div></div><div class="mb-10 p-5 rounded-xl bg-white/[0.02] border border-white/[0.06]"><h3 class="text-sm font-semibold text-foreground mb-3">Sources</h3><ul class="space-y-1"><li class="text-sm"><a href="https://nvd.nist.gov/vuln/detail/CVE-2026-12048" target="_blank" rel="noopener noreferrer" class="text-primary hover:text-primary/80 transition-colors inline-flex items-center gap-1">NVD / NIST<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-external-link h-3 w-3" aria-hidden="true"><path d="M15 3h6v6"></path><path d="M10 14 21 3"></path><path d="M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6"></path></svg></a></li></ul></div><section class="mb-10 p-5 rounded-xl bg-white/[0.02] border border-white/[0.06]"><h2 class="text-lg font-bold text-foreground mb-4 flex items-center gap-2"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-triangle-alert h-5 w-5 text-orange-400" aria-hidden="true"><path d="m21.73 18-8-14a2 2 0 0 0-3.48 0l-8 14A2 2 0 0 0 4 21h16a2 2 0 0 0 1.73-3"></path><path d="M12 9v4"></path><path d="M12 17h.01"></path></svg>Related Threat Alerts</h2><ul class="space-y-2"><li><a class="group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors" href="/threats/cve-2026-12045-critical-vulnerability-cve-2026-12045-2026-06-19"><span class="mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0"></span><span class="line-clamp-2">Critical Vulnerability: CVE-2026-12045</span></a></li><li><a class="group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors" href="/threats/cve-2026-12046-critical-vulnerability-cve-2026-12046-2026-06-19"><span class="mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0"></span><span class="line-clamp-2">Critical Vulnerability: CVE-2026-12046</span></a></li><li><a class="group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors" href="/threats/issue-with-containerd-cri-plugin-cve-2026-50195-cve-2026-53488-cve-2026-53492-cv-2026-06-19"><span class="mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0"></span><span class="line-clamp-2">Issue with containerd CRI Plugin - CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, CVE-2026-47262</span></a></li><li><a class="group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors" href="/threats/gentlemen-ransomware-uses-multiple-edr-killers-to-disable-defenses-2026-06-19"><span class="mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0"></span><span class="line-clamp-2">Gentlemen ransomware uses multiple EDR killers to disable defenses</span></a></li><li><a class="group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors" href="/threats/cisa-urges-hardening-fortinet-devices-after-reports-of-credential-exposure-2026-06-19"><span class="mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0"></span><span class="line-clamp-2">CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure</span></a></li><li><a class="group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors" href="/threats/cve-2026-48584-microsoft-azure-synapse-elevation-of-privilege-vulnerability-2026-06-19"><span class="mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0"></span><span class="line-clamp-2">CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability</span></a></li></ul></section><section class="mb-10"><h2 class="text-xl font-bold text-foreground mb-4 flex items-center gap-2"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-circle-question-mark h-5 w-5 text-primary" aria-hidden="true"><circle cx="12" cy="12" r="10"></circle><path d="M9.09 9a3 3 0 0 1 5.83 1c0 2-3 3-3 3"></path><path d="M12 17h.01"></path></svg>Frequently Asked Questions</h2><div class="space-y-4"><details class="group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]"><summary class="cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3"><span>What is CVE-2026-12048?</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0" aria-hidden="true"><path d="m9 18 6-6-6-6"></path></svg></summary><div class="px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert"><p class="blog-p">CVE-2026-12048 is a critical-severity vulnerability tracked under the Common Vulnerabilities and Exposures program. Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relati</p></div></details><details class="group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]"><summary class="cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3"><span>Am I affected?</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0" aria-hidden="true"><path d="m9 18 6-6-6-6"></path></svg></summary><div class="px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert"><p class="blog-p">Affected technology is listed in the Affected Products section above. If your asset inventory contains any of them, assume in-scope until you can prove otherwise.</p></div></details><details class="group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]"><summary class="cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3"><span>How urgent is the response?</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0" aria-hidden="true"><path d="m9 18 6-6-6-6"></path></svg></summary><div class="px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert"><p class="blog-p">Critical: do not wait for your normal patch cycle. Verify exposure today, apply the vendor patch immediately, and add detection rules for any post-exploit indicators.</p></div></details><details class="group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]"><summary class="cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3"><span>How do I remediate?</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0" aria-hidden="true"><path d="m9 18 6-6-6-6"></path></svg></summary><div class="px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert"><p class="blog-p">Apply the vendor patch listed in the upstream advisory linked under Sources. If the patch is not yet available, follow the vendor-supplied workaround (often a config flag or feature disable) and add detections for the published exploit pattern in your SIEM. Re-scan after the patch lands to confirm the finding clears.</p></div></details><details class="group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]"><summary class="cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3"><span>Where can I track exploitation activity?</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0" aria-hidden="true"><path d="m9 18 6-6-6-6"></path></svg></summary><div class="px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert"><p class="blog-p">Watch CISA's Known Exploited Vulnerabilities catalog for CVE-2026-12048. Cross-reference with public exploit databases and your own SIEM/IDS for indicator-of-compromise patterns. Vulnios tracks KEV status automatically and surfaces it on the asset findings view.</p></div></details><details class="group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]"><summary class="cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3"><span>How does Vulnios help with this?</span><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0" aria-hidden="true"><path d="m9 18 6-6-6-6"></path></svg></summary><div class="px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert"><p class="blog-p">Vulnios continuously cross-references your asset inventory against the live CVE feed (NVD, vendor advisories, CISA KEV, and curated OSINT). When a new CVE matches your environment, you get a prioritized finding with the severity, KEV status, exploit-prediction (EPSS), and a direct path to the vendor patch. You can start a free scan from the homepage.</p></div></details></div></section><div class="flex flex-wrap gap-2 mb-10"><span class="inline-flex items-center gap-1 text-[10px] font-medium uppercase tracking-wider text-primary/80 bg-primary/10 px-2 py-0.5 rounded-full"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-tag h-2.5 w-2.5" aria-hidden="true"><path d="M12.586 2.586A2 2 0 0 0 11.172 2H4a2 2 0 0 0-2 2v7.172a2 2 0 0 0 .586 1.414l8.704 8.704a2.426 2.426 0 0 0 3.42 0l6.58-6.58a2.426 2.426 0 0 0 0-3.42z"></path><circle cx="7.5" cy="7.5" r=".5" fill="currentColor"></circle></svg>critical</span><span class="inline-flex items-center gap-1 text-[10px] font-medium uppercase tracking-wider text-primary/80 bg-primary/10 px-2 py-0.5 rounded-full"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="lucide lucide-tag h-2.5 w-2.5" aria-hidden="true"><path d="M12.586 2.586A2 2 0 0 0 11.172 2H4a2 2 0 0 0-2 2v7.172a2 2 0 0 0 .586 1.414l8.704 8.704a2.426 2.426 0 0 0 3.42 0l6.58-6.58a2.426 2.426 0 0 0 0-3.42z"></path><circle cx="7.5" cy="7.5" r=".5" fill="currentColor"></circle></svg>xss</span></div><div class="mt-16"><div class="relative overflow-hidden rounded-2xl border border-primary/20 bg-gradient-to-br from-primary/[0.04] to-accent/[0.04] p-8 text-center"><div class="absolute top-0 left-1/2 -translate-x-1/2 w-[300px] h-[200px] bg-primary/[0.06] rounded-full blur-[80px] pointer-events-none"></div><div class="relative"><h3 class="text-xl font-bold text-foreground mb-2">Protect Your Organization</h3><p class="text-sm text-muted-foreground mb-6 max-w-md mx-auto">Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.</p><div class="flex flex-col sm:flex-row items-center justify-center gap-3"><a class="inline-flex items-center gap-2 px-6 py-2.5 rounded-xl bg-gradient-to-r from-primary to-accent text-primary-foreground font-medium text-sm shadow-md hover:shadow-glow hover:brightness-110 transition-all" href="/sign-up?utm_source=threat-post&utm_medium=cta&utm_campaign=footer-cta">Get Started Free</a><a class="inline-flex items-center gap-2 px-6 py-2.5 rounded-xl border border-white/[0.08] bg-white/[0.02] text-foreground font-medium text-sm hover:bg-white/[0.06] transition-all" href="/scan?utm_source=threat-post&utm_medium=cta&utm_campaign=scan-cta">Free Security Scan</a><a href="https://osint.vulnios.com?utm_source=threat-post&utm_medium=cta" target="_blank" rel="noopener noreferrer" class="inline-flex items-center gap-2 px-6 py-2.5 rounded-xl border border-white/[0.08] bg-white/[0.02] text-foreground font-medium text-sm hover:bg-white/[0.06] transition-all">OSINT Dashboard</a></div></div></div></div><div class="mt-8 p-5 rounded-xl bg-[#229ED9]/[0.06] border border-[#229ED9]/20 text-center"><p class="text-sm text-foreground mb-2 font-medium">Get instant alerts on Telegram</p><p class="text-xs text-muted-foreground mb-3">Join our public channel for real-time critical CVE alerts.</p><a href="https://t.me/vulnios" target="_blank" rel="noopener noreferrer" class="inline-flex items-center gap-2 px-5 py-2 rounded-lg bg-[#229ED9] text-white font-medium text-sm hover:bg-[#229ED9]/90 transition-colors"><svg class="w-4 h-4" viewBox="0 0 24 24" fill="currentColor"><path d="M12 0C5.373 0 0 5.373 0 12s5.373 12 12 12 12-5.373 12-12S18.627 0 12 0zm5.894 8.221-1.97 9.28c-.145.658-.537.818-1.084.508l-3-2.21-1.446 1.394c-.14.18-.357.295-.6.295l.213-3.054 5.56-5.022c.24-.213-.054-.334-.373-.121l-6.869 4.326-2.96-.924c-.64-.203-.658-.64.135-.954l11.566-4.458c.538-.196 1.006.128.828.94z"></path></svg>Follow @vulnios</a></div></article></div></main><footer class="border-t border-white/[0.06] bg-background/50"><div class="max-w-7xl mx-auto px-4 sm:px-6 lg:px-8 py-12"><div class="grid grid-cols-2 md:grid-cols-4 gap-8"><div class="col-span-2 md:col-span-1"><div class="flex items-center gap-2 mb-3"><span role="img" aria-label="Vulnios" style="display:inline-flex;align-items:center;gap:10px"><svg width="22" height="22" viewBox="0 0 24 24" aria-hidden="true"><path d="M 2 3 L 12 21 L 22 3 L 18 3 L 12 21 L 6 3 Z" fill="#ffffff"></path><path d="M 18 3 L 22 3 L 16 9 Z" fill="#1ec8e6"></path></svg><span style="font-family:"JetBrains Mono", ui-monospace, monospace;font-size:12px;letter-spacing:0.32em;color:#ffffff;text-transform:uppercase;white-space:nowrap;font-weight:500">VULN<span class="vlx-caret" style="display:inline-block;vertical-align:baseline;width:3px;height:14px;background:#1ec8e6;margin:0 0.18em;transform:translateY(2px);animation:vlx-caret 1.1s steps(2) infinite"></span>OS</span></span></div><p class="text-xs text-muted-foreground max-w-xs">Next-gen hybrid cybersecurity platform for SMBs and CISOs.</p></div><div><h4 class="text-xs font-semibold uppercase tracking-wider text-muted-foreground mb-3">Product</h4><ul class="space-y-2"><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/product">Features</a></li><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/use-cases">Use Cases</a></li><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/industries">Industries</a></li><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/pricing">Pricing</a></li><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/docs/pt">Penetration Testing</a></li><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/osint/investigations">OSINT Investigations</a></li><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/security">Security</a></li></ul></div><div><h4 class="text-xs font-semibold uppercase tracking-wider text-muted-foreground mb-3">Free Tools</h4><ul class="space-y-2"><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/scan">Security Score</a></li><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/dark-web-check">Dark Web Check</a></li><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/brief">Threat Brief</a></li><li><a href="https://osint.vulnios.com" target="_blank" rel="noopener noreferrer" class="text-sm text-muted-foreground hover:text-foreground transition-colors">OSINT Dashboard</a></li></ul><h4 class="text-xs font-semibold uppercase tracking-wider text-muted-foreground mb-3 mt-6">Resources</h4><ul class="space-y-2"><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/blog">Blog</a></li><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/docs">Documentation</a></li><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/contact">Contact</a></li><li><a href="https://status.vulnios.com/" target="_blank" rel="noopener noreferrer" class="text-sm text-muted-foreground hover:text-foreground transition-colors">Status</a></li></ul></div><div><h4 class="text-xs font-semibold uppercase tracking-wider text-muted-foreground mb-3">Legal</h4><ul class="space-y-2"><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/privacy">Privacy Policy</a></li><li><a class="text-sm text-muted-foreground hover:text-foreground transition-colors" href="/terms">Terms of Service</a></li></ul></div></div><div class="border-t border-white/[0.06] mt-8 pt-6 flex flex-col sm:flex-row items-center justify-between gap-4"><p class="text-xs text-muted-foreground/50">© 2026 Vulnios. All rights reserved.</p></div></div></footer></div><section aria-label="Notifications alt+T" tabindex="-1" aria-live="polite" aria-relevant="additions text" aria-atomic="false"></section><script src="/_next/static/chunks/webpack-063284d47194926f.js" nonce="Kt6lUoixVs3X7d4Xf1P54A==" async=""></script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">(self.__next_f=self.__next_f||[]).push([0]);self.__next_f.push([2,null])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"1:HL[\"/_next/static/media/36966cca54120369-s.p.woff2\",\"font\",{\"crossOrigin\":\"\",\"type\":\"font/woff2\"}]\n2:HL[\"/_next/static/media/4b9bb515ce6d026f.p.woff2\",\"font\",{\"crossOrigin\":\"\",\"type\":\"font/woff2\"}]\n3:HL[\"/_next/static/media/558ca1a6aa3cb55e-s.p.woff2\",\"font\",{\"crossOrigin\":\"\",\"type\":\"font/woff2\"}]\n4:HL[\"/_next/static/media/5611c55482296524.p.woff2\",\"font\",{\"crossOrigin\":\"\",\"type\":\"font/woff2\"}]\n5:HL[\"/_next/static/media/e4af272ccee01ff0-s.p.woff2\",\"font\",{\"crossOrigin\":\"\",\"type\":\"font/woff2\"}]\n6:HL[\"/_next/static/css/ffb8685a9fe8c1b7.css\",\"style\"]\n7:HL[\"/_next/static/css/596a7ae90e2d6efb.css\",\"style\"]\n"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"8:I[11815,[],\"\"]\nb:I[55092,[],\"\"]\nd:I[82023,[],\"\"]\ne:I[39359,[\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"6340\",\"static/chunks/6340-27e67ee5e5b140c1.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"1661\",\"static/chunks/1661-5f5a6f0f509af544.js\",\"4623\",\"static/chunks/4623-8660d607534ff1fd.js\",\"8288\",\"static/chunks/app/(public)/layout-1a02ff94d0cf04e9.js\"],\"default\",1]\n11:I[44622,[\"6470\",\"static/chunks/app/global-error-d1535667191f8786.js\"],\"default\"]\nc:[\"slug\",\"cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19\",\"d\"]\n12:[]\n"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"0:[\"$\",\"$L8\",null,{\"buildId\":\"74YBsw0sa8eK9JtOuxs09\",\"assetPrefix\":\"\",\"urlParts\":[\"\",\"threats\",\"cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19\"],\"initialTree\":[\"\",{\"children\":[\"(public)\",{\"children\":[\"threats\",{\"children\":[[\"slug\",\"cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19\",\"d\"],{\"children\":[\"__PAGE__\",{}]}]}]}]},\"$undefined\",\"$undefined\",true],\"initialSeedData\":[\"\",{\"children\":[\"(public)\",{\"children\":[\"threats\",{\"children\":[[\"slug\",\"cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19\",\"d\"],{\"children\":[\"__PAGE__\",{},[[\"$L9\",\"$La\",null],null],null]},[null,[\"$\",\"$Lb\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"(public)\",\"children\",\"threats\",\"children\",\"$c\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$Ld\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[null,[\"$\",\"$Lb\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"(public)\",\"children\",\"threats\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$Ld\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":\"$undefined\",\"notFoundStyles\":\"$undefined\"}]],null]},[[null,[\"$\",\"$Le\",null,{\"children\":[\"$\",\"$Lb\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\",\"(public)\",\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$Ld\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":[[\"$\",\"title\",null,{\"children\":\"404: This page could not be found.\"}],[\"$\",\"div\",null,{\"style\":{\"fontFamily\":\"system-ui,\\\"Segoe UI\\\",Roboto,Helvetica,Arial,sans-serif,\\\"Apple Color Emoji\\\",\\\"Segoe UI Emoji\\\"\",\"height\":\"100vh\",\"textAlign\":\"center\",\"display\":\"flex\",\"flexDirection\":\"column\",\"alignItems\":\"center\",\"justifyContent\":\"center\"},\"children\":[\"$\",\"div\",null,{\"children\":[[\"$\",\"style\",null,{\"dangerouslySetInnerHTML\":{\"__html\":\"body{color:#000;background:#fff;margin:0}.next-error-h1{border-right:1px solid rgba(0,0,0,.3)}@media (prefers-color-scheme:dark){body{color:#fff;background:#000}.next-error-h1{border-right:1px solid rgba(255,255,255,.3)}}\"}}],[\"$\",\"h1\",null,{\"className\":\"next-error-h1\",\"style\":{\"display\":\"inline-block\",\"margin\":\"0 20px 0 0\",\"padding\":\"0 23px 0 0\",\"fontSize\":24,\"fontWeight\":500,\"verticalAlign\":\"top\",\"lineHeight\":\"49px\"},\"children\":\"404\"}],[\"$\",\"div\",null,{\"style\":{\"display\":\"inline-block\"},\"children\":[\"$\",\"h2\",null,{\"style\":{\"fontSize\":14,\"fontWeight\":400,\"lineHeight\":\"49px\",\"margin\":0},\"children\":\"This page could not be found.\"}]}]]}]}]],\"notFoundStyles\":[]}],\"params\":{}}]],null],null]},[[[[\"$\",\"link\",\"0\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/ffb8685a9fe8c1b7.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}],[\"$\",\"link\",\"1\",{\"rel\":\"stylesheet\",\"href\":\"/_next/static/css/596a7ae90e2d6efb.css\",\"precedence\":\"next\",\"crossOrigin\":\"$undefined\"}]],\"$Lf\"],null],null],\"couldBeIntercepted\":false,\"initialHead\":[null,\"$L10\"],\"globalErrorComponent\":\"$11\",\"missingSlots\":\"$W12\"}]\n"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"13:I[22147,[\"6301\",\"static/chunks/14aeac6e-9304a45fb7990a13.js\",\"8832\",\"static/chunks/277ccffe-5aecc53f13c649a2.js\",\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"5842\",\"static/chunks/5842-26fe146d63a3ba53.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"7787\",\"static/chunks/7787-4b8943302436daed.js\",\"4623\",\"static/chunks/4623-8660d607534ff1fd.js\",\"1088\",\"static/chunks/1088-bb8fbe06b1d76cd7.js\",\"3185\",\"static/chunks/app/layout-d4012f16ff5e54bf.js\"],\"\"]\n16:I[22505,[\"6301\",\"static/chunks/14aeac6e-9304a45fb7990a13.js\",\"8832\",\"static/chunks/277ccffe-5aecc53f13c649a2.js\",\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"5842\",\"static/chunks/5842-26fe146d63a3ba53.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"7787\",\"static/chunks/7787-4b8943302436daed.js\",\"4623\",\"static/chunks/4623-8660d607534ff1fd.js\",\"1088\",\"static/chunks/1088-bb8fbe06b1d76cd7.js\",\"3185\",\"static/chunks/app/layout-d4012f16ff5e54bf.js\"],\"AuthProvider\"]\n1b:I[17787,[\"6301\",\"static/chunks/14aeac6e-9304a45fb7990a13.js\",\"8832\",\"static/chunks/277ccffe-5aecc53f13c649a2.js\",\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"5842\",\"static/chunks/5842-26fe146d63a3ba53.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"7787\",\"static/chunks/7787-4b8943302436daed.js\",\"4623\",\"static/chunks/4623-8660d607534ff1fd.js\",\"1088\",\"static/chunks/1088-bb8fbe06b1d76cd7.js\",\"3185\",\"static/chunks/app/layout-d4012f16ff5e54bf.js\"],\"Toaster\"]\n1c:I[52749,[\"6301\",\"static/chunks/14aeac6e-9304a45fb7990a13.js\",\"8832\",\"static/chunks/277ccffe-5aecc53f13c649a2.js\",\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"5842\",\"static/chunks/5842-26fe146d63a3ba53.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"7787\",\"static/chunks/7787-4b8943302436daed.js\",\"4623\",\"static/chunks/4623-8660d607534ff1fd.js\",\"1088\",\"static/chunks/1088-bb8fbe06b1d76cd7.js\",\"3185\",\"static/chunks/app/la"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"yout-d4012f16ff5e54bf.js\"],\"default\"]\n14:T874,"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"\n window.dataLayer = window.dataLayer || [];\n function gtag(){dataLayer.push(arguments);}\n gtag('js', new Date());\n gtag('config', 'G-D3ZLB58Q44');\n gtag('config', 'AW-17949704784');\n window.__gadsConversion = function() {\n gtag('event', 'conversion', {'send_to': 'AW-17949704784/rlDyCM2L9_cbENCEi-9C'});\n };\n // Paid conversion: fired on Stripe checkout success.\n // Wired to \"Vulnios Platform - Paid Conversion\" (Google Ads conversion ID 7592000061,\n // category PURCHASE, default value $210 LTV with alwaysUseDefault=false so the\n // gtag-supplied transaction value wins).\n //\n // BILL-004 Phase 3: 3rd param is an optional transaction_id —\n // typically 'paid_\u003cstripeSubscriptionId\u003e' to match the server-side\n // uploadOfflineConversion's orderId. With both sides passing the\n // same id, Google Ads dedupes the (client, server) pair to one\n // conversion. Without it, the deduper falls back to (gclid,\n // conversionAction, conversionDateTime) which only matches if both\n // fire within the same UTC second.\n window.__gadsPaidConversion = function(value, currency, transactionId) {\n try {\n var params = {\n 'send_to': 'AW-17949704784/n8uHCL30kqQcENCEi-9C',\n 'value': value || 210,\n 'currency': currency || 'USD'\n };\n if (transactionId) params.transaction_id = transactionId;\n gtag('event', 'conversion', params);\n } catch (e) { /* noop */ }\n };\n "])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"15:T47b,[{\"@context\":\"https://schema.org\",\"@type\":\"Organization\",\"name\":\"Vulnios\",\"url\":\"https://vulnios.com\",\"logo\":\"https://vulnios.com/brand/logo/lockup-on-dark.svg\",\"description\":\"Hybrid cybersecurity platform for SMBs and CISOs.\",\"sameAs\":[\"https://github.com/elad-sudo/vulnios\",\"https://x.com/vulnios\"],\"contactPoint\":{\"@type\":\"ContactPoint\",\"contactType\":\"sales\",\"url\":\"https://vulnios.com/contact\"}},{\"@context\":\"https://schema.org\",\"@type\":\"SoftwareApplication\",\"name\":\"Vulnios\",\"applicationCategory\":\"SecurityApplication\",\"operatingSystem\":\"Web\",\"url\":\"https://vulnios.com\",\"description\":\"Hybrid cybersecurity platform for vulnerability scanning, CVE intelligence, SBOM analysis, and security automation.\",\"offers\":{\"@type\":\"AggregateOffer\",\"lowPrice\":\"0\",\"highPrice\":\"499\",\"priceCurrency\":\"USD\",\"offerCount\":\"4\"},\"publisher\":{\"@type\":\"Organization\",\"name\":\"Vulnios\",\"url\":\"https://vulnios.com\"}},{\"@context\":\"https://schema.org\",\"@type\":\"WebSite\",\"name\":\"Vulnios\",\"url\":\"https://vulnios.com\",\"potentialAction\":{\"@type\":\"SearchAction\",\"target\":\"https://vulnios.com/blog?q={search_term_string}\",\"query-input\":\"required name=search_term_string\"}}]17:{\"fontFamily\":\"system-ui,\\\"Segoe UI\\\",Roboto,Helvetica,Arial,sans-serif,\\\"Apple Color Emoji\\\",\\\"Segoe UI Emoji\\\"\",\"height\":\"100vh\",\"textAlign\":\"center\",\"display\":\"flex\",\"flexDirection\":\"column\",\"alignItems\":\"center\",\"justifyContent\":\"center\"}\n18:{\"display\":\"inline-block\",\"margin\":\"0 20px 0 0\",\"padding\":\"0 23px 0 0\",\"fontSize\":24,\"fontWeight\":500,\"verticalAlign\":\"top\",\"lineHeight\":\"49px\"}\n19:{\"display\":\"inline-block\"}\n1a:{\"fontSize\":14,\"fontWeight\":400,\"lineHeight\":\"49px\",\"margin\":0}\nf:[\"$\",\"html\",null,{\"lang\":\"en\",\"className\":\"dark __variable_f367f3 __variable_dd5b2f __variable_e896d9 __variable_0b1737\",\"children\":[[\"$\",\"head\",null,{\"children\":[[\"$\",\"$L13\",null,{\"src\":\"https://www.googletagmanager.com/gtag/js?id=G-D3ZLB58Q44\",\"strategy\":\"afterInteractive\"}],[\"$\",\"$L13\",null,{\"id\":\"google-analytics\",\"strategy\":\"afterInteractive\",\"nonce\":\"Kt6lUoixVs3X7d4Xf1P54A==\",\"children\":\"$14"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"\"}],[\"$\",\"script\",null,{\"type\":\"application/ld+json\",\"suppressHydrationWarning\":true,\"dangerouslySetInnerHTML\":{\"__html\":\"$15\"}}]]}],[\"$\",\"body\",null,{\"className\":\"font-sans antialiased\",\"suppressHydrationWarning\":true,\"children\":[[\"$\",\"$L16\",null,{\"children\":[\"$\",\"$Lb\",null,{\"parallelRouterKey\":\"children\",\"segmentPath\":[\"children\"],\"error\":\"$undefined\",\"errorStyles\":\"$undefined\",\"errorScripts\":\"$undefined\",\"template\":[\"$\",\"$Ld\",null,{}],\"templateStyles\":\"$undefined\",\"templateScripts\":\"$undefined\",\"notFound\":[[\"$\",\"title\",null,{\"children\":\"404: This page could not be found.\"}],[\"$\",\"div\",null,{\"style\":\"$17\",\"children\":[\"$\",\"div\",null,{\"children\":[[\"$\",\"style\",null,{\"dangerouslySetInnerHTML\":{\"__html\":\"body{color:#000;background:#fff;margin:0}.next-error-h1{border-right:1px solid rgba(0,0,0,.3)}@media (prefers-color-scheme:dark){body{color:#fff;background:#000}.next-error-h1{border-right:1px solid rgba(255,255,255,.3)}}\"}}],[\"$\",\"h1\",null,{\"className\":\"next-error-h1\",\"style\":\"$18\",\"children\":\"404\"}],[\"$\",\"div\",null,{\"style\":\"$19\",\"children\":[\"$\",\"h2\",null,{\"style\":\"$1a\",\"children\":\"This page could not be found.\"}]}]]}]}]],\"notFoundStyles\":[]}]}],[\"$\",\"$L1b\",null,{\"theme\":\"dark\",\"position\":\"bottom-right\",\"toastOptions\":{\"style\":{\"background\":\"#1a2342\",\"border\":\"1px solid rgba(255,255,255,0.08)\",\"color\":\"#e8ecf4\"}}}],[\"$\",\"$L1c\",null,{}]]}]]}]\n"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"10:[[\"$\",\"meta\",\"0\",{\"name\":\"viewport\",\"content\":\"width=device-width, initial-scale=1\"}],[\"$\",\"meta\",\"1\",{\"charSet\":\"utf-8\"}],[\"$\",\"title\",\"2\",{\"children\":\"🔴 Critical Vulnerability: CVE-2026-12048 | Vulnios Threat Alert · Vulnios\"}],[\"$\",\"meta\",\"3\",{\"name\":\"description\",\"content\":\"Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, includin\"}],[\"$\",\"link\",\"4\",{\"rel\":\"author\",\"href\":\"https://vulnios.com\"}],[\"$\",\"meta\",\"5\",{\"name\":\"author\",\"content\":\"Vulnios\"}],[\"$\",\"link\",\"6\",{\"rel\":\"manifest\",\"href\":\"/brand/favicon/site.webmanifest\",\"crossOrigin\":\"use-credentials\"}],[\"$\",\"meta\",\"7\",{\"name\":\"keywords\",\"content\":\"cybersecurity platform,vulnerability scanner,CVE database,SBOM analysis,threat intelligence,YARA rules,malware scanning,security automation,ClamAV,Grype,EPSS scores,KEV catalog,CISO tools,security posture management\"}],[\"$\",\"meta\",\"8\",{\"name\":\"creator\",\"content\":\"Vulnios\"}],[\"$\",\"meta\",\"9\",{\"name\":\"publisher\",\"content\":\"Vulnios\"}],[\"$\",\"meta\",\"10\",{\"name\":\"robots\",\"content\":\"index, follow\"}],[\"$\",\"meta\",\"11\",{\"name\":\"googlebot\",\"content\":\"index, follow, max-video-preview:-1, max-image-preview:large, max-snippet:-1\"}],[\"$\",\"meta\",\"12\",{\"name\":\"theme-color\",\"content\":\"#161513\"}],[\"$\",\"link\",\"13\",{\"rel\":\"canonical\",\"href\":\"https://vulnios.com/threats/cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19\"}],[\"$\",\"link\",\"14\",{\"rel\":\"alternate\",\"type\":\"application/rss+xml\",\"href\":\"https://vulnios.com/threats/rss.xml\"}],[\"$\",\"link\",\"15\",{\"rel\":\"alternate\",\"type\":\"application/atom+xml\",\"href\":\"https://vulnios.com/threats/atom.xml\"}],[\"$\",\"meta\",\"16\",{\"name\":\"google-site-verification\",\"content\":\"G-D3ZLB58Q44\"}],[\"$\",\"meta\",\"17\",{\"property\":\"og:title\",\"content\":\"🔴 Critical Vulnerability: CVE-2026-12048 | Vulnios Threat A\"}],[\"$\",\"meta\",\"18\",{\"property\":\"og:description\",\"content\":\"Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relati\"}],[\"$\",\"meta\",\"19\",{\"property\":\"og:url\",\"content\":\"https://vulnios.com/threats/cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19\"}],[\"$\",\"meta\",\"20\",{\"property\":\"og:image:alt\",\"content\":\"Vulnios Threat Alert\"}],[\"$\",\"meta\",\"21\",{\"property\":\"og:image:type\",\"content\":\"image/png\"}],[\"$\",\"meta\",\"22\",{\"property\":\"og:image\",\"content\":\"https://vulnios.com/threats/cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19/opengraph-image-1tiqbc?8a8271907f7af4f4\"}],[\"$\",\"meta\",\"23\",{\"property\":\"og:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"24\",{\"property\":\"og:image:height\",\"content\":\"630\"}],[\"$\",\"meta\",\"25\",{\"property\":\"og:type\",\"content\":\"article\"}],[\"$\",\"meta\",\"26\",{\"property\":\"article:published_time\",\"content\":\"2026-06-19T01:58:21.456Z\"}],[\"$\",\"meta\",\"27\",{\"property\":\"article:tag\",\"content\":\"critical\"}],[\"$\",\"meta\",\"28\",{\"property\":\"article:tag\",\"content\":\"xss\"}],[\"$\",\"meta\",\"29\",{\"name\":\"twitter:card\",\"content\":\"summary_large_image\"}],[\"$\",\"meta\",\"30\",{\"name\":\"twitter:title\",\"content\":\"🔴 Critical Vulnerability: CVE-2026-12048 | Vulnios Threat A\"}],[\"$\",\"meta\",\"31\",{\"name\":\"twitter:description\",\"content\":\"Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relati\"}],[\"$\",\"meta\",\"32\",{\"name\":\"twitter:image:alt\",\"content\":\"Vulnios Threat Alert\"}],[\"$\",\"meta\",\"33\",{\"name\":\"twitter:image:type\",\"content\":\"image/png\"}],[\"$\",\"meta\",\"34\",{\"name\":\"twitter:image\",\"content\":\"https://vulnios.com/threats/cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19/opengraph-image-1tiqbc?8a8271907f7af4f4\"}],[\"$\",\"meta\",\"35\",{\"name\":\"twitter:image:width\",\"content\":\"1200\"}],[\"$\",\"meta\",\"36\",{\"name\":\"twitter:image:height\",\"content\":\"630\"}],[\"$\",\"link\",\"37\",{\"rel\":\"icon\",\"href\":\"/brand/favicon/favicon.svg\",\"type\":\"image/svg+xml\"}],[\"$\",\"link\",\"38\",{\"rel\":\"icon\",\"href\":\"/brand/favicon/favicon-32.png\",\"sizes\":\"32x32\",\"type\":\"image/png\"}],[\"$\",\"link\",\"39\",{\"rel\":\"icon\",\"href\":\"/brand/favicon/favicon-16.png\",\"sizes\":\"16x16\",\"type\":\"image/png\"}],[\"$\",\"link\",\"40\",{\"rel\":\"icon\",\"href\":\"/brand/favicon/favicon-48.png\",\"sizes\":\"48x48\",\"type\":\"image/png\"}],[\"$\",\"link\",\"41\",{\"rel\":\"apple-touch-icon\",\"href\":\"/brand/favicon/apple-touch-icon.png\"}],[\"$\",\"meta\",\"42\",{\"name\":\"next-size-adjust\"}]]\n"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"9:null\n"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"1d:I[27604,[\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"6340\",\"static/chunks/6340-27e67ee5e5b140c1.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"1661\",\"static/chunks/1661-5f5a6f0f509af544.js\",\"4623\",\"static/chunks/4623-8660d607534ff1fd.js\",\"7604\",\"static/chunks/7604-e2eef415834aa834.js\",\"9884\",\"static/chunks/app/(public)/threats/%5Bslug%5D/page-f37a589f5984db38.js\"],\"AnalyticsTracker\"]\n1e:I[16340,[\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"6340\",\"static/chunks/6340-27e67ee5e5b140c1.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"1661\",\"static/chunks/1661-5f5a6f0f509af544.js\",\"4623\",\"static/chunks/4623-8660d607534ff1fd.js\",\"7604\",\"static/chunks/7604-e2eef415834aa834.js\",\"9884\",\"static/chunks/app/(public)/threats/%5Bslug%5D/page-f37a589f5984db38.js\"],\"\"]\n1f:I[27604,[\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"6340\",\"static/chunks/6340-27e67ee5e5b140c1.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"1661\",\"static/chunks/1661-5f5a6f0f509af544.js\",\"4623\",\"static/chunks/4623-8660d607534ff1fd.js\",\"7604\",\"static/chunks/7604-e2eef415834aa834.js\",\"9884\",\"static/chunks/app/(public)/threats/%5Bslug%5D/page-f37a589f5984db38.js\"],\"SeverityBadge\"]\n20:I[27604,[\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"6340\",\"static/chunks/6340-27e67ee5e5b140c1.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"1661\",\"static/chunks/1661-5f5a6f0f509af544.js\",\"4623\",\"static/chunks/4623-8660d607534ff1fd.js\",\"7604\",\"static/chunks/7604-e2eef415834aa834.js\",\"9884\",\"static/chunks/app/(public)/threats/%5Bslug%5D/page-f37a589f5984db38.js\"],\"ShareButtons\"]\n22:I[66072,[\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"6340\",\"static/chunks/6340-27e67ee5e5b140c1.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"1661\",\"static/chunks/1661-5f5a6f0f509af544.js\",\"46"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"23\",\"static/chunks/4623-8660d607534ff1fd.js\",\"7604\",\"static/chunks/7604-e2eef415834aa834.js\",\"9884\",\"static/chunks/app/(public)/threats/%5Bslug%5D/page-f37a589f5984db38.js\"],\"default\"]\n23:I[27604,[\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"6340\",\"static/chunks/6340-27e67ee5e5b140c1.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"1661\",\"static/chunks/1661-5f5a6f0f509af544.js\",\"4623\",\"static/chunks/4623-8660d607534ff1fd.js\",\"7604\",\"static/chunks/7604-e2eef415834aa834.js\",\"9884\",\"static/chunks/app/(public)/threats/%5Bslug%5D/page-f37a589f5984db38.js\"],\"ThreatCTABlock\"]\n24:I[27604,[\"2044\",\"static/chunks/891cff7f-9b91aa21773fd358.js\",\"7376\",\"static/chunks/7376-9a75981f4423f3d7.js\",\"6340\",\"static/chunks/6340-27e67ee5e5b140c1.js\",\"1919\",\"static/chunks/1919-4333b4e8abe0bb10.js\",\"1661\",\"static/chunks/1661-5f5a6f0f509af544.js\",\"4623\",\"static/chunks/4623-8660d607534ff1fd.js\",\"7604\",\"static/chunks/7604-e2eef415834aa834.js\",\"9884\",\"static/chunks/app/(public)/threats/%5Bslug%5D/page-f37a589f5984db38.js\"],\"TelegramFollowButton\"]\n21:T8d3,"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"{\"@context\":\"https://schema.org\",\"@type\":\"FAQPage\",\"mainEntity\":[{\"@type\":\"Question\",\"name\":\"What is CVE-2026-12048?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"CVE-2026-12048 is a critical-severity vulnerability tracked under the Common Vulnerabilities and Exposures program. Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relati\"}},{\"@type\":\"Question\",\"name\":\"Am I affected?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Affected technology is listed in the Affected Products section above. If your asset inventory contains any of them, assume in-scope until you can prove otherwise.\"}},{\"@type\":\"Question\",\"name\":\"How urgent is the response?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Critical: do not wait for your normal patch cycle. Verify exposure today, apply the vendor patch immediately, and add detection rules for any post-exploit indicators.\"}},{\"@type\":\"Question\",\"name\":\"How do I remediate?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Apply the vendor patch listed in the upstream advisory linked under Sources. If the patch is not yet available, follow the vendor-supplied workaround (often a config flag or feature disable) and add detections for the published exploit pattern in your SIEM. Re-scan after the patch lands to confirm the finding clears.\"}},{\"@type\":\"Question\",\"name\":\"Where can I track exploitation activity?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Watch CISA's Known Exploited Vulnerabilities catalog for CVE-2026-12048. Cross-reference with public exploit databases and your own SIEM/IDS for indicator-of-compromise patterns. Vulnios tracks KEV status automatically and surfaces it on the asset findings view.\"}},{\"@type\":\"Question\",\"name\":\"How does Vulnios help with this?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Vulnios continuously cross-references your asset inventory against the live CVE feed (NVD, vendor advisories, CISA KEV, and curated OSINT). When a new CVE matches your environment, you get a prioritized finding with the severity, KEV status, exploit-prediction (EPSS), and a direct path to the vendor patch. You can start a free scan from the homepage.\"}}]}"])</script><script nonce="Kt6lUoixVs3X7d4Xf1P54A==">self.__next_f.push([1,"a:[\"$\",\"div\",null,{\"className\":\"min-h-screen bg-background\",\"children\":[[\"$\",\"$L1d\",null,{\"postId\":\"dBLJRMx0QY6w7NOdAxIZ\",\"canonicalUrl\":\"https://vulnios.com/threats/cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19\"}],[\"$\",\"section\",null,{\"className\":\"relative overflow-hidden border-b border-white/[0.06]\",\"children\":[[\"$\",\"div\",null,{\"className\":\"absolute inset-0 pointer-events-none\",\"children\":[\"$\",\"div\",null,{\"className\":\"absolute top-1/2 left-1/2 -translate-x-1/2 -translate-y-1/2 w-[600px] h-[600px] rounded-full bg-red-500/[0.03] blur-[120px]\"}]}],[\"$\",\"div\",null,{\"className\":\"relative max-w-3xl mx-auto px-6 py-16\",\"children\":[[\"$\",\"nav\",null,{\"aria-label\":\"Breadcrumb\",\"className\":\"mb-6\",\"children\":[\"$\",\"ol\",null,{\"className\":\"flex flex-wrap items-center gap-1.5 text-sm text-muted-foreground/70\",\"children\":[[\"$\",\"li\",\"/\",{\"className\":\"flex items-center gap-1.5\",\"children\":[[\"$\",\"$L1e\",null,{\"href\":\"/\",\"className\":\"hover:text-primary transition-colors\",\"children\":\"Home\"}],[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 opacity-60\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}]]}],[\"$\",\"li\",\"/threats\",{\"className\":\"flex items-center gap-1.5\",\"children\":[[\"$\",\"$L1e\",null,{\"href\":\"/threats\",\"className\":\"hover:text-primary transition-colors\",\"children\":\"Threat Alerts\"}],[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-3 w-3 opacity-60\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}]]}],[\"$\",\"li\",\"/threats/cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19\",{\"className\":\"flex items-center gap-1.5\",\"children\":[\"$\",\"span\",null,{\"className\":\"text-muted-foreground line-clamp-1\",\"aria-current\":\"page\",\"children\":\"Critical Vulnerability: CVE-2026-12048\"}]}]]}]}],[\"$\",\"$L1e\",null,{\"href\":\"/threats\",\"className\":\"inline-flex items-center gap-1.5 text-sm text-muted-foreground hover:text-primary transition-colors mb-8\",\"children\":[[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-arrow-left h-3.5 w-3.5\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"1l729n\",{\"d\":\"m12 19-7-7 7-7\"}],[\"$\",\"path\",\"x3x0zl\",{\"d\":\"M19 12H5\"}],\"$undefined\"]}],\"All Threat Alerts\"]}],[\"$\",\"div\",null,{\"className\":\"flex items-center gap-3 mb-4\",\"children\":[[\"$\",\"$L1f\",null,{\"severity\":\"critical\",\"size\":\"lg\"}],[\"$\",\"span\",null,{\"className\":\"text-xs text-muted-foreground/60 uppercase tracking-wider font-medium bg-white/[0.04] px-2.5 py-1 rounded-full\",\"children\":\"CVE Alert\"}]]}],[\"$\",\"div\",null,{\"className\":\"flex flex-wrap gap-2 mb-3\",\"children\":[[\"$\",\"span\",\"CVE-2026-12048\",{\"className\":\"text-sm font-mono text-primary bg-primary/10 px-2.5 py-0.5 rounded-md border border-primary/20\",\"children\":\"CVE-2026-12048\"}]]}],[\"$\",\"h1\",null,{\"className\":\"text-3xl md:text-4xl font-bold text-foreground mb-3 tracking-tight leading-tight\",\"children\":\"Critical Vulnerability: CVE-2026-12048\"}],null,[\"$\",\"p\",null,{\"className\":\"text-lg text-muted-foreground mb-6\",\"children\":\"Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields) was passed verbatim through html-react-parser at every user-facing sink — the notifier toasts, FormFooterMessage / FormInput help and error areas, FormNote, ModalProvider AlertContent and confirmDelete, ToolErrorVie\"}],[\"$\",\"div\",null,{\"className\":\"flex flex-wrap items-center gap-4 text-sm text-muted-foreground/60\",\"children\":[[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5\",\"children\":[[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-calendar h-3.5 w-3.5\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"1cmpym\",{\"d\":\"M8 2v4\"}],[\"$\",\"path\",\"4m81vk\",{\"d\":\"M16 2v4\"}],[\"$\",\"rect\",\"1hopcy\",{\"width\":\"18\",\"height\":\"18\",\"x\":\"3\",\"y\":\"4\",\"rx\":\"2\"}],[\"$\",\"path\",\"8toen8\",{\"d\":\"M3 10h18\"}],\"$undefined\"]}],\"Friday, June 19, 2026\"]}],null,[\"$\",\"span\",null,{\"className\":\"flex items-center gap-1.5\",\"children\":[[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-clock h-3.5 w-3.5\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"circle\",\"1mglay\",{\"cx\":\"12\",\"cy\":\"12\",\"r\":\"10\"}],[\"$\",\"path\",\"mmk7yg\",{\"d\":\"M12 6v6l4 2\"}],\"$undefined\"]}],\"Vulnios Threat Intelligence\"]}]]}],[\"$\",\"div\",null,{\"className\":\"mt-6\",\"children\":[\"$\",\"$L20\",null,{\"url\":\"https://vulnios.com/threats/cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19\",\"title\":\"Critical Vulnerability: CVE-2026-12048\",\"postId\":\"dBLJRMx0QY6w7NOdAxIZ\"}]}]]}]]}],[\"$\",\"script\",null,{\"type\":\"application/ld+json\",\"suppressHydrationWarning\":true,\"dangerouslySetInnerHTML\":{\"__html\":\"{\\\"@context\\\":\\\"https://schema.org\\\",\\\"@type\\\":\\\"TechArticle\\\",\\\"headline\\\":\\\"Critical Vulnerability: CVE-2026-12048\\\",\\\"description\\\":\\\"Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relati\\\",\\\"datePublished\\\":\\\"2026-06-19T01:58:21.456Z\\\",\\\"author\\\":{\\\"@type\\\":\\\"Organization\\\",\\\"name\\\":\\\"Vulnios\\\"},\\\"publisher\\\":{\\\"@type\\\":\\\"Organization\\\",\\\"name\\\":\\\"Vulnios\\\",\\\"url\\\":\\\"https://vulnios.com\\\",\\\"logo\\\":{\\\"@type\\\":\\\"ImageObject\\\",\\\"url\\\":\\\"https://vulnios.com/brand/logo/mark-on-dark.svg\\\"}},\\\"mainEntityOfPage\\\":{\\\"@type\\\":\\\"WebPage\\\",\\\"@id\\\":\\\"https://vulnios.com/threats/cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19\\\"}}\"}}],[\"$\",\"script\",null,{\"type\":\"application/ld+json\",\"suppressHydrationWarning\":true,\"dangerouslySetInnerHTML\":{\"__html\":\"{\\\"@context\\\":\\\"https://schema.org\\\",\\\"@type\\\":\\\"BreadcrumbList\\\",\\\"itemListElement\\\":[{\\\"@type\\\":\\\"ListItem\\\",\\\"position\\\":1,\\\"name\\\":\\\"Home\\\",\\\"item\\\":\\\"https://vulnios.com/\\\"},{\\\"@type\\\":\\\"ListItem\\\",\\\"position\\\":2,\\\"name\\\":\\\"Threat Alerts\\\",\\\"item\\\":\\\"https://vulnios.com/threats\\\"},{\\\"@type\\\":\\\"ListItem\\\",\\\"position\\\":3,\\\"name\\\":\\\"Critical Vulnerability: CVE-2026-12048\\\",\\\"item\\\":\\\"https://vulnios.com/threats/cve-2026-12048-critical-vulnerability-cve-2026-12048-2026-06-19\\\"}]}\"}}],[\"$\",\"script\",null,{\"type\":\"application/ld+json\",\"suppressHydrationWarning\":true,\"dangerouslySetInnerHTML\":{\"__html\":\"$21\"}}],[\"$\",\"article\",null,{\"className\":\"max-w-3xl mx-auto px-6 py-12\",\"children\":[null,[\"$\",\"section\",null,{\"className\":\"mb-10 p-5 rounded-xl bg-white/[0.02] border border-white/[0.06]\",\"children\":[[\"$\",\"h2\",null,{\"className\":\"text-lg font-bold text-foreground mb-3 flex items-center gap-2\",\"children\":[[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-shield h-5 w-5 text-primary\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"oel41y\",{\"d\":\"M20 13c0 5-3.5 7.5-7.66 8.95a1 1 0 0 1-.67-.01C7.5 20.5 4 18 4 13V6a1 1 0 0 1 1-1c2 0 4.5-1.2 6.24-2.72a1.17 1.17 0 0 1 1.52 0C14.51 3.81 17 5 19 5a1 1 0 0 1 1 1z\"}],\"$undefined\"]}],\"Vulnerability Snapshot\"]}],[\"$\",\"div\",null,{\"className\":\"blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cp class=\\\"blog-p\\\"\u003e\u003cstrong\u003eCVE-2026-12048\u003c/strong\u003e is rated \u003cstrong\u003eCRITICAL\u003c/strong\u003e — exploitation is trivial or already observed in the wild and impact is severe. Patch immediately, not on the next maintenance window.\u003c/p\u003e\"}}]]}],[[\"$\",\"section\",\"exec-summary\",{\"className\":\"mb-10\",\"children\":[[\"$\",\"h2\",null,{\"className\":\"text-xl font-bold text-foreground mb-4 flex items-center gap-2\",\"children\":[false,false,false,false,\"Executive Summary\"]}],[\"$\",\"div\",null,{\"className\":\"blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cp class=\\\"blog-p\\\"\u003eStored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields) was passed verbatim through html-react-parser at every user-facing sink — the notifier toasts, FormFooterMessage / FormInput help and error areas, FormNote, ModalProvider AlertContent and confirmDelete, ToolErrorView, the Explain visualiser's NodeText panel, the SQL editor confirm dialogs, ConfirmSaveContent, PreferencesHelper modal alerts, and SelectThemes helper text. A PostgreSQL server an attacker controls — or any server returning attacker-influenced text such as a table or column name a low-privilege database user can create — could inject arbitrary HTML (including \u003ciframe\u003e) into the pgAdmin DOM the moment the victim's pgAdmin connected to that server or viewed an Explain plan that referenced the cra\u003c/p\u003e\"}}]]}],[\"$\",\"section\",\"why-it-matters\",{\"className\":\"mb-10\",\"children\":[[\"$\",\"h2\",null,{\"className\":\"text-xl font-bold text-foreground mb-4 flex items-center gap-2\",\"children\":[[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-triangle-alert h-5 w-5 text-orange-400\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"wmoenq\",{\"d\":\"m21.73 18-8-14a2 2 0 0 0-3.48 0l-8 14A2 2 0 0 0 4 21h16a2 2 0 0 0 1.73-3\"}],[\"$\",\"path\",\"juzpu7\",{\"d\":\"M12 9v4\"}],[\"$\",\"path\",\"p32p05\",{\"d\":\"M12 17h.01\"}],\"$undefined\"]}],false,false,false,\"Why It Matters\"]}],[\"$\",\"div\",null,{\"className\":\"blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cp class=\\\"blog-p\\\"\u003e\u003cstrong\u003eCVE-2026-12048\u003c/strong\u003e is rated \u003cstrong\u003eCRITICAL\u003c/strong\u003e severity, requiring immediate attention from security teams.\u003c/p\u003e\\n\u003cp class=\\\"blog-p\\\"\u003eCVSS Base Score: \u003cstrong\u003e9.3/10\u003c/strong\u003e\u003c/p\u003e\"}}]]}],[\"$\",\"section\",\"defender-actions\",{\"className\":\"mb-10\",\"children\":[[\"$\",\"h2\",null,{\"className\":\"text-xl font-bold text-foreground mb-4 flex items-center gap-2\",\"children\":[false,[\"$\",\"span\",null,{\"className\":\"text-xl\",\"children\":\"🛡️\"}],false,false,\"What Defenders Should Check\"]}],[\"$\",\"div\",null,{\"className\":\"blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cli class=\\\"blog-li-ordered\\\"\u003e\u003cstrong\u003eCheck if you are affected\u003c/strong\u003e — Review your asset inventory for products listed in CVE-2026-12048.\u003c/li\u003e\\n\u003cli class=\\\"blog-li-ordered\\\"\u003e\u003cstrong\u003eApply available patches\u003c/strong\u003e — Visit vendor advisories for the latest security updates.\u003c/li\u003e\\n\u003cli class=\\\"blog-li-ordered\\\"\u003e\u003cstrong\u003eMonitor for exploitation\u003c/strong\u003e — Check your SIEM/IDS logs for related indicators.\u003c/li\u003e\\n\u003cp class=\\\"blog-p\\\"\u003eUse \u003ca href=\\\"https://vulnios.com/sign-up?utm_source=threat-post\u0026utm_medium=inline-cta\\\" class=\\\"blog-link\\\" target=\\\"_blank\\\" rel=\\\"noopener noreferrer\\\"\u003eVulnios\u003c/a\u003e to continuously monitor your exposure to CVE-2026-12048 and similar vulnerabilities.\u003c/p\u003e\"}}]]}],[\"$\",\"section\",\"references\",{\"className\":\"mb-10\",\"children\":[[\"$\",\"h2\",null,{\"className\":\"text-xl font-bold text-foreground mb-4 flex items-center gap-2\",\"children\":[false,false,false,[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-external-link h-5 w-5 text-muted-foreground\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"1q9fwt\",{\"d\":\"M15 3h6v6\"}],[\"$\",\"path\",\"gplh6r\",{\"d\":\"M10 14 21 3\"}],[\"$\",\"path\",\"a6xqqp\",{\"d\":\"M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6\"}],\"$undefined\"]}],\"References \u0026 Sources\"]}],[\"$\",\"div\",null,{\"className\":\"blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cli class=\\\"blog-li\\\"\u003e\u003ca href=\\\"https://github.com/pgadmin-org/pgadmin4/commit/9e370d3cb67b83b3945f82969c959fad3f926517\\\" class=\\\"blog-link\\\" target=\\\"_blank\\\" rel=\\\"noopener noreferrer\\\"\u003ehttps://github.com/pgadmin-org/pgadmin4/commit/9e370d3cb67b83b3945f82969c959fad3f926517\u003c/a\u003e\u003c/li\u003e\\n\u003cli class=\\\"blog-li\\\"\u003e\u003ca href=\\\"https://github.com/pgadmin-org/pgadmin4/issues/10068\\\" class=\\\"blog-link\\\" target=\\\"_blank\\\" rel=\\\"noopener noreferrer\\\"\u003ehttps://github.com/pgadmin-org/pgadmin4/issues/10068\u003c/a\u003e\u003c/li\u003e\"}}]]}]],[\"$\",\"section\",null,{\"className\":\"mb-10\",\"children\":[[\"$\",\"h2\",null,{\"className\":\"text-xl font-bold text-foreground mb-4 flex items-center gap-2\",\"children\":[[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-shield h-5 w-5 text-emerald-400\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"oel41y\",{\"d\":\"M20 13c0 5-3.5 7.5-7.66 8.95a1 1 0 0 1-.67-.01C7.5 20.5 4 18 4 13V6a1 1 0 0 1 1-1c2 0 4.5-1.2 6.24-2.72a1.17 1.17 0 0 1 1.52 0C14.51 3.81 17 5 19 5a1 1 0 0 1 1 1z\"}],\"$undefined\"]}],\"How Vulnios Detects This\"]}],[\"$\",\"div\",null,{\"className\":\"blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cp class=\\\"blog-p\\\"\u003eVulnios scans for this vulnerability using \u003cstrong\u003eTrivy\u003c/strong\u003e and \u003cstrong\u003eGrype\u003c/strong\u003e for SBOM-based CVE matching and \u003cstrong\u003eVulnios CVE feed\u003c/strong\u003e continuous monitoring against your asset inventory. Run a scan against your environment to see whether you are exposed; findings are linked back to the original CVE record so triage starts with the patch path already known.\u003c/p\u003e\"}}]]}],[\"$\",\"div\",null,{\"className\":\"mb-10\",\"children\":[\"$\",\"$L22\",null,{\"postId\":\"dBLJRMx0QY6w7NOdAxIZ\"}]}],false,[\"$\",\"div\",null,{\"className\":\"mb-10 p-5 rounded-xl bg-white/[0.02] border border-white/[0.06]\",\"children\":[[\"$\",\"h3\",null,{\"className\":\"text-sm font-semibold text-foreground mb-3\",\"children\":\"Sources\"}],[\"$\",\"ul\",null,{\"className\":\"space-y-1\",\"children\":[[\"$\",\"li\",\"0\",{\"className\":\"text-sm\",\"children\":[\"$\",\"a\",null,{\"href\":\"https://nvd.nist.gov/vuln/detail/CVE-2026-12048\",\"target\":\"_blank\",\"rel\":\"noopener noreferrer\",\"className\":\"text-primary hover:text-primary/80 transition-colors inline-flex items-center gap-1\",\"children\":[\"NVD / NIST\",[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-external-link h-3 w-3\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"1q9fwt\",{\"d\":\"M15 3h6v6\"}],[\"$\",\"path\",\"gplh6r\",{\"d\":\"M10 14 21 3\"}],[\"$\",\"path\",\"a6xqqp\",{\"d\":\"M18 13v6a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2V8a2 2 0 0 1 2-2h6\"}],\"$undefined\"]}]]}]}]]}]]}],[\"$\",\"section\",null,{\"className\":\"mb-10 p-5 rounded-xl bg-white/[0.02] border border-white/[0.06]\",\"children\":[[\"$\",\"h2\",null,{\"className\":\"text-lg font-bold text-foreground mb-4 flex items-center gap-2\",\"children\":[[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-triangle-alert h-5 w-5 text-orange-400\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"wmoenq\",{\"d\":\"m21.73 18-8-14a2 2 0 0 0-3.48 0l-8 14A2 2 0 0 0 4 21h16a2 2 0 0 0 1.73-3\"}],[\"$\",\"path\",\"juzpu7\",{\"d\":\"M12 9v4\"}],[\"$\",\"path\",\"p32p05\",{\"d\":\"M12 17h.01\"}],\"$undefined\"]}],\"Related Threat Alerts\"]}],[\"$\",\"ul\",null,{\"className\":\"space-y-2\",\"children\":[[\"$\",\"li\",\"cve-2026-12045-critical-vulnerability-cve-2026-12045-2026-06-19\",{\"children\":[\"$\",\"$L1e\",null,{\"href\":\"/threats/cve-2026-12045-critical-vulnerability-cve-2026-12045-2026-06-19\",\"className\":\"group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors\",\"children\":[[\"$\",\"span\",null,{\"className\":\"mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0\"}],[\"$\",\"span\",null,{\"className\":\"line-clamp-2\",\"children\":\"Critical Vulnerability: CVE-2026-12045\"}]]}]}],[\"$\",\"li\",\"cve-2026-12046-critical-vulnerability-cve-2026-12046-2026-06-19\",{\"children\":[\"$\",\"$L1e\",null,{\"href\":\"/threats/cve-2026-12046-critical-vulnerability-cve-2026-12046-2026-06-19\",\"className\":\"group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors\",\"children\":[[\"$\",\"span\",null,{\"className\":\"mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0\"}],[\"$\",\"span\",null,{\"className\":\"line-clamp-2\",\"children\":\"Critical Vulnerability: CVE-2026-12046\"}]]}]}],[\"$\",\"li\",\"issue-with-containerd-cri-plugin-cve-2026-50195-cve-2026-53488-cve-2026-53492-cv-2026-06-19\",{\"children\":[\"$\",\"$L1e\",null,{\"href\":\"/threats/issue-with-containerd-cri-plugin-cve-2026-50195-cve-2026-53488-cve-2026-53492-cv-2026-06-19\",\"className\":\"group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors\",\"children\":[[\"$\",\"span\",null,{\"className\":\"mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0\"}],[\"$\",\"span\",null,{\"className\":\"line-clamp-2\",\"children\":\"Issue with containerd CRI Plugin - CVE-2026-50195, CVE-2026-53488, CVE-2026-53492, CVE-2026-53489, CVE-2026-47262\"}]]}]}],[\"$\",\"li\",\"gentlemen-ransomware-uses-multiple-edr-killers-to-disable-defenses-2026-06-19\",{\"children\":[\"$\",\"$L1e\",null,{\"href\":\"/threats/gentlemen-ransomware-uses-multiple-edr-killers-to-disable-defenses-2026-06-19\",\"className\":\"group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors\",\"children\":[[\"$\",\"span\",null,{\"className\":\"mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0\"}],[\"$\",\"span\",null,{\"className\":\"line-clamp-2\",\"children\":\"Gentlemen ransomware uses multiple EDR killers to disable defenses\"}]]}]}],[\"$\",\"li\",\"cisa-urges-hardening-fortinet-devices-after-reports-of-credential-exposure-2026-06-19\",{\"children\":[\"$\",\"$L1e\",null,{\"href\":\"/threats/cisa-urges-hardening-fortinet-devices-after-reports-of-credential-exposure-2026-06-19\",\"className\":\"group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors\",\"children\":[[\"$\",\"span\",null,{\"className\":\"mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0\"}],[\"$\",\"span\",null,{\"className\":\"line-clamp-2\",\"children\":\"CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure\"}]]}]}],[\"$\",\"li\",\"cve-2026-48584-microsoft-azure-synapse-elevation-of-privilege-vulnerability-2026-06-19\",{\"children\":[\"$\",\"$L1e\",null,{\"href\":\"/threats/cve-2026-48584-microsoft-azure-synapse-elevation-of-privilege-vulnerability-2026-06-19\",\"className\":\"group flex items-start gap-2 text-sm text-foreground hover:text-primary transition-colors\",\"children\":[[\"$\",\"span\",null,{\"className\":\"mt-1 inline-block h-1.5 w-1.5 rounded-full bg-muted-foreground/40 group-hover:bg-primary transition-colors flex-shrink-0\"}],[\"$\",\"span\",null,{\"className\":\"line-clamp-2\",\"children\":\"CVE-2026-48584 Microsoft Azure Synapse Elevation of Privilege Vulnerability\"}]]}]}]]}]]}],[\"$\",\"section\",null,{\"className\":\"mb-10\",\"children\":[[\"$\",\"h2\",null,{\"className\":\"text-xl font-bold text-foreground mb-4 flex items-center gap-2\",\"children\":[[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-circle-question-mark h-5 w-5 text-primary\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"circle\",\"1mglay\",{\"cx\":\"12\",\"cy\":\"12\",\"r\":\"10\"}],[\"$\",\"path\",\"1u773s\",{\"d\":\"M9.09 9a3 3 0 0 1 5.83 1c0 2-3 3-3 3\"}],[\"$\",\"path\",\"p32p05\",{\"d\":\"M12 17h.01\"}],\"$undefined\"]}],\"Frequently Asked Questions\"]}],[\"$\",\"div\",null,{\"className\":\"space-y-4\",\"children\":[[\"$\",\"details\",\"0\",{\"className\":\"group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]\",\"children\":[[\"$\",\"summary\",null,{\"className\":\"cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3\",\"children\":[[\"$\",\"span\",null,{\"children\":\"What is CVE-2026-12048?\"}],[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}]]}],[\"$\",\"div\",null,{\"className\":\"px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cp class=\\\"blog-p\\\"\u003eCVE-2026-12048 is a critical-severity vulnerability tracked under the Common Vulnerabilities and Exposures program. Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relati\u003c/p\u003e\"}}]]}],[\"$\",\"details\",\"1\",{\"className\":\"group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]\",\"children\":[[\"$\",\"summary\",null,{\"className\":\"cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3\",\"children\":[[\"$\",\"span\",null,{\"children\":\"Am I affected?\"}],[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}]]}],[\"$\",\"div\",null,{\"className\":\"px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cp class=\\\"blog-p\\\"\u003eAffected technology is listed in the Affected Products section above. If your asset inventory contains any of them, assume in-scope until you can prove otherwise.\u003c/p\u003e\"}}]]}],[\"$\",\"details\",\"2\",{\"className\":\"group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]\",\"children\":[[\"$\",\"summary\",null,{\"className\":\"cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3\",\"children\":[[\"$\",\"span\",null,{\"children\":\"How urgent is the response?\"}],[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}]]}],[\"$\",\"div\",null,{\"className\":\"px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cp class=\\\"blog-p\\\"\u003eCritical: do not wait for your normal patch cycle. Verify exposure today, apply the vendor patch immediately, and add detection rules for any post-exploit indicators.\u003c/p\u003e\"}}]]}],[\"$\",\"details\",\"3\",{\"className\":\"group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]\",\"children\":[[\"$\",\"summary\",null,{\"className\":\"cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3\",\"children\":[[\"$\",\"span\",null,{\"children\":\"How do I remediate?\"}],[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}]]}],[\"$\",\"div\",null,{\"className\":\"px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cp class=\\\"blog-p\\\"\u003eApply the vendor patch listed in the upstream advisory linked under Sources. If the patch is not yet available, follow the vendor-supplied workaround (often a config flag or feature disable) and add detections for the published exploit pattern in your SIEM. Re-scan after the patch lands to confirm the finding clears.\u003c/p\u003e\"}}]]}],[\"$\",\"details\",\"4\",{\"className\":\"group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]\",\"children\":[[\"$\",\"summary\",null,{\"className\":\"cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3\",\"children\":[[\"$\",\"span\",null,{\"children\":\"Where can I track exploitation activity?\"}],[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}]]}],[\"$\",\"div\",null,{\"className\":\"px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cp class=\\\"blog-p\\\"\u003eWatch CISA's Known Exploited Vulnerabilities catalog for CVE-2026-12048. Cross-reference with public exploit databases and your own SIEM/IDS for indicator-of-compromise patterns. Vulnios tracks KEV status automatically and surfaces it on the asset findings view.\u003c/p\u003e\"}}]]}],[\"$\",\"details\",\"5\",{\"className\":\"group rounded-xl bg-white/[0.02] border border-white/[0.06] open:border-white/[0.12]\",\"children\":[[\"$\",\"summary\",null,{\"className\":\"cursor-pointer px-5 py-3 text-sm font-semibold text-foreground hover:bg-white/[0.02] transition-colors list-none flex items-center justify-between gap-3\",\"children\":[[\"$\",\"span\",null,{\"children\":\"How does Vulnios help with this?\"}],[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-chevron-right h-4 w-4 text-muted-foreground group-open:rotate-90 transition-transform flex-shrink-0\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"mthhwq\",{\"d\":\"m9 18 6-6-6-6\"}],\"$undefined\"]}]]}],[\"$\",\"div\",null,{\"className\":\"px-5 pb-4 pt-1 text-sm text-muted-foreground leading-relaxed blog-content prose-invert\",\"dangerouslySetInnerHTML\":{\"__html\":\"\u003cp class=\\\"blog-p\\\"\u003eVulnios continuously cross-references your asset inventory against the live CVE feed (NVD, vendor advisories, CISA KEV, and curated OSINT). When a new CVE matches your environment, you get a prioritized finding with the severity, KEV status, exploit-prediction (EPSS), and a direct path to the vendor patch. You can start a free scan from the homepage.\u003c/p\u003e\"}}]]}]]}]]}],[\"$\",\"div\",null,{\"className\":\"flex flex-wrap gap-2 mb-10\",\"children\":[[\"$\",\"span\",\"critical\",{\"className\":\"inline-flex items-center gap-1 text-[10px] font-medium uppercase tracking-wider text-primary/80 bg-primary/10 px-2 py-0.5 rounded-full\",\"children\":[[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-tag h-2.5 w-2.5\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"vktsd0\",{\"d\":\"M12.586 2.586A2 2 0 0 0 11.172 2H4a2 2 0 0 0-2 2v7.172a2 2 0 0 0 .586 1.414l8.704 8.704a2.426 2.426 0 0 0 3.42 0l6.58-6.58a2.426 2.426 0 0 0 0-3.42z\"}],[\"$\",\"circle\",\"kqv944\",{\"cx\":\"7.5\",\"cy\":\"7.5\",\"r\":\".5\",\"fill\":\"currentColor\"}],\"$undefined\"]}],\"critical\"]}],[\"$\",\"span\",\"xss\",{\"className\":\"inline-flex items-center gap-1 text-[10px] font-medium uppercase tracking-wider text-primary/80 bg-primary/10 px-2 py-0.5 rounded-full\",\"children\":[[\"$\",\"svg\",null,{\"xmlns\":\"http://www.w3.org/2000/svg\",\"width\":24,\"height\":24,\"viewBox\":\"0 0 24 24\",\"fill\":\"none\",\"stroke\":\"currentColor\",\"strokeWidth\":2,\"strokeLinecap\":\"round\",\"strokeLinejoin\":\"round\",\"className\":\"lucide lucide-tag h-2.5 w-2.5\",\"aria-hidden\":\"true\",\"children\":[[\"$\",\"path\",\"vktsd0\",{\"d\":\"M12.586 2.586A2 2 0 0 0 11.172 2H4a2 2 0 0 0-2 2v7.172a2 2 0 0 0 .586 1.414l8.704 8.704a2.426 2.426 0 0 0 3.42 0l6.58-6.58a2.426 2.426 0 0 0 0-3.42z\"}],[\"$\",\"circle\",\"kqv944\",{\"cx\":\"7.5\",\"cy\":\"7.5\",\"r\":\".5\",\"fill\":\"currentColor\"}],\"$undefined\"]}],\"xss\"]}]]}],[\"$\",\"div\",null,{\"className\":\"mt-16\",\"children\":[\"$\",\"$L23\",null,{\"postId\":\"dBLJRMx0QY6w7NOdAxIZ\"}]}],[\"$\",\"$L24\",null,{\"postId\":\"dBLJRMx0QY6w7NOdAxIZ\"}]]}]]}]\n"])</script></body></html>