CVE-2026-32721

{"id": "CVE-2026-32721", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2026-03-19T23:16:44.030", "references": [{"url": "https://github.com/openwrt/luci/commit/068150ba5f524ef6b03817b258d31ec310053fd6", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openwrt/luci/commit/cdce600aaec66f762f18d608c74cbf3abcafe1c7", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/openwrt/luci/security/advisories/GHSA-vvj6-7362-pjrw", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passes SSIDs via a template literal to dom.append(), which processes them through innerHTML, allowing an attacker to craft a malicious SSID containing arbitrary HTML/JavaScript. Exploitation requires the user to actively open the wireless scan modal (e.g., to connect to a Wi-Fi access point or survey nearby channels), and only affects OpenWrt versions newer than 23.05/22.03 up to the patched releases (24.10.6 and 25.12.1). The issue has been fixed in version LuCI 26.072.65753~068150b."}, {"lang": "es", "value": "LuCI es la interfaz de configuraci\u00f3n de OpenWrt. Las versiones anteriores a la 24.10.5 y a la 25.12.0 contienen una vulnerabilidad de XSS almacenado en el modal de escaneo inal\u00e1mbrico, donde los valores de SSID de los resultados del escaneo se renderizan como HTML sin procesar sin ninguna sanitizaci\u00f3n. El archivo wireless.js en el paquete luci-mod-network pasa los SSID a trav\u00e9s de un literal de plantilla a dom.append(), que los procesa a trav\u00e9s de innerHTML, permitiendo a un atacante crear un SSID malicioso que contenga HTML/JavaScript arbitrario. La explotaci\u00f3n requiere que el usuario abra activamente el modal de escaneo inal\u00e1mbrico (por ejemplo, para conectarse a un punto de acceso Wi-Fi o para explorar canales cercanos), y solo afecta a las versiones de OpenWrt posteriores a la 23.05/22.03 hasta las versiones parcheadas (24.10.6 y 25.12.1). El problema ha sido solucionado en la versi\u00f3n LuCI 26.072.65753~068150b."}], "lastModified": "2026-04-14T17:49:24.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:openwrt:luci:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9CC9A18-0DFA-4B5D-805A-A1529F23D4C8", "versionEndExcluding": "26.072.65753-068150b"}, {"criteria": "cpe:2.3:o:openwrt:openwrt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12B5818C-BB4D-4486-9C53-7FCA8EF2EDA8", "versionEndExcluding": "24.10.6"}, {"criteria": "cpe:2.3:o:openwrt:openwrt:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "061FA3CA-10C0-4EF2-8566-E623964CAE79", "versionEndExcluding": "25.12.1", "versionStartIncluding": "25.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}