Security Advisory

CVE-2026-21873

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-08 09:50:23

Last updated 2026-01-08 15:11:24

Assigner GitHub_M

State PUBLISHED

Description

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the pushstate event listener used by ui.sub_pages allows an attacker to manipulate the fragment identifier of the URL, which they can do despite being cross-site, using an iframe. This issue has been patched in version 3.5.0.

← Browse all CVEs View on cve.org ↗