Question 1

What is CVE-2026-13140 — CVE-2026-13140?

Accepted Answer

Stored Cross-Site Scripting in the exposed AWS API key store of Thinkst Applied Research Canarytokens. Anonymous exploitation requires knowledge of a random identifier. This issue affects Canarytokens: from Docker tag sha-4116b92cb before sha-f5aa5c4e, from Git commit 4116b92cb before f5aa5c4e.

Question 2

What is the authoritative source for CVE-2026-13140?

Accepted Answer

CVE-2026-13140 (CVE-2026-13140) is catalogued in NVD + CISA KEV + FIRST EPSS and curated for EU compliance use cases by SQUR.

CVE-2026-13140CVE-2026-13140

Description

Scoring