Upstream information

CVE-2026-50133 at MITRE

Description

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type (typically .html files under /content, or pages produced by a content adapter that sets content.mediaType = "text/html") had their body emitted verbatim into the rendered page. A site that ingests HTML content from an untrusted source could therefore be served stored cross-site scripting. This vulnerability is fixed in 0.162.0.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v3 Scores
CVSS detail National Vulnerability Database SUSE
Base Score 6.1 5.4
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector Network Network
Attack Complexity Low Low
Privileges Required None Low
User Interaction Required None
Scope Changed Unchanged
Confidentiality Impact Low Low
Integrity Impact Low Low
Availability Impact None None
CVSSv3 Version 3.1 3.1
CVSS v4 Scores
CVSS detail CNA (GitHub) SUSE
Base Score 5.1 5.1
Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Attack Vector Network Network
Attack Complexity Low Low
Attack Requirements None None
Privileges Required None Low
User Interaction Active Passive
Vulnerable System Confidentiality Impact None None
Vulnerable System Integrity Impact None None
Vulnerable System Availability Impact None None
Subsequent System Confidentiality Impact Low Low
Subsequent System Integrity Impact Low Low
Subsequent System Availability Impact None None
CVSSv4 Version 4.0 4.0
SUSE Bugzilla entry: 1268391 [NEW]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Wed Jun 17 00:00:29 2026
CVE page last modified: Wed Jul 8 11:59:37 2026