{“lastseen”:””,”description”:”An HTML injection vulnerability exists in the Google Chat webhook notification\u00a0 sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links.\\n\\n\\nThis issue affects Canarytokens: from Docker tag sha-4aef1db90 before sha-8ab4dccd, from Git commit 4aef1db90 before 8ab4dccd.”,”published”:”2026-06-22T13:05:53.827Z”,”modified”:”2026-06-22T13:05:53.827Z”,”type”:”cve”,”title”:”HTML injection in the Canarytoken Google Chat notification”,”source”:”ThinkstAppliedResearch”,”references”:”https:\/\/github.com\/thinkst\/canarytokens\/security\/advisories\/GHSA-vcfc-7466-8q65″,”id”:”CVE-2026-12888″,”bulletinFamily”:””,”cwe”:[“CWE-74″],”cvelist”:null,”sourceData”:”Thinkst Applied Research Canarytokens sha-4aef1db90\\nThinkst Applied Research Canarytokens 4aef1db90″,”sourceHref”:””,”cvss”:{“score”:2,”severity”:”LOW”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:A\/VC:N\/VI:N\/VA:N\/SC:N\/SI:L\/SA:N\/E:P\/AU:N\/RE:L\/U:Green”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”Canarytokens”,”version”:”sha-4aef1db90″,”vendor”:”Thinkst Applied Research”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”An HTML injection vulnerability exists in the Google Chat webhook notification\u00a0 sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,142,12,71,13,7,11,5],"class_list":["post-64704","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-20","tag-exploit","tag-low","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n