CVE-2026-12888

CVE-2026-12888CVE-2026-12888

Description

An HTML injection vulnerability exists in the Google Chat webhook notification  sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90 before sha-8ab4dccd, from Git commit 4aef1db90 before 8ab4dccd.

Scoring

Last modified2026-06-23
Sourced from NVD. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.