{"data":{"id":"5ae6c7ae-ca16-4041-9c24-fcfe0b649034","title":"CVE-2026-41691: i18nextify URL injection via unvalidated language and namespace values","summary":"i18nextify is a JavaScript library that enables website internationalization (support for multiple languages) through a simple script tag. Versions before 3.0.5 have a URL-injection vulnerability (where attackers can manipulate URLs by injecting special characters) because the library doesn't properly validate language and namespace values before using them in web requests, allowing attackers to exploit this if an application accepts user input for language selection.","solution":"This issue has been fixed in version 3.0.5. If users cannot upgrade immediately, they can work around the issue by sanitising lng / ns before they reach i18next: strip .., /, \\, ?, #, %, whitespace, and control characters, and cap the length.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41691","publishedAt":"2026-05-07T21:16:29.560Z","cveId":"CVE-2026-41691","cweIds":["CWE-22","CWE-74"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["i18nextify"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-07T21:16:29.560Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.7,"researchCategory":null,"atlasIds":["AML.T0010"]}}