Security Advisory

CVE-2026-29082

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-06 16:33:31

Last updated 2026-03-09 14:59:32

Assigner GitHub_M

State PUBLISHED

Description

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown (.md) with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there are no publicly available patches.

← Browse all CVEs View on cve.org ↗