CVE-2026-3457 PUBLISHED

Stored XSS vulnerability in Sentinel ACC

Assigner: THA-PSIRT
Reserved: 02.03.2026 Published: 27.03.2026 Updated: 27.03.2026

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:L/SI:H/SA:N/E:P
CVSS Score: 7

Product Status

Vendor Thales
Product Sentinel LDK Runtime
Versions Default: unaffected
  • affected from 0 to 10.22 (excl.)

Solutions

Upgrade current Sentinel LDK Runtime to version 10.22 or higher.

Credits

  • Josh Dillon finder

References

Problem Types

  • CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') CWE

Impacts

  • CAPEC-592 Stored XSS