{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32721", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-13T15:02:00.625Z", "datePublished": "2026-03-19T22:46:43.909Z", "dateUpdated": "2026-03-25T03:56:15.781Z"}, "containers": {"cna": {"title": "LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/openwrt/luci/security/advisories/GHSA-vvj6-7362-pjrw", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/openwrt/luci/security/advisories/GHSA-vvj6-7362-pjrw"}, {"name": "https://github.com/openwrt/luci/commit/068150ba5f524ef6b03817b258d31ec310053fd6", "tags": ["x_refsource_MISC"], "url": "https://github.com/openwrt/luci/commit/068150ba5f524ef6b03817b258d31ec310053fd6"}, {"name": "https://github.com/openwrt/luci/commit/cdce600aaec66f762f18d608c74cbf3abcafe1c7", "tags": ["x_refsource_MISC"], "url": "https://github.com/openwrt/luci/commit/cdce600aaec66f762f18d608c74cbf3abcafe1c7"}], "affected": [{"vendor": "openwrt", "product": "luci", "versions": [{"version": "< 26.072.65753~068150b", "status": "affected"}]}, {"vendor": "openwrt", "product": "openwrt", "versions": [{"version": "< 24.10.6", "status": "affected"}, {"version": ">= 25.12.0, < 25.12.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-19T22:46:43.909Z"}, "descriptions": [{"lang": "en", "value": "LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passes SSIDs via a template literal to dom.append(), which processes them through innerHTML, allowing an attacker to craft a malicious SSID containing arbitrary HTML/JavaScript. Exploitation requires the user to actively open the wireless scan modal (e.g., to connect to a Wi-Fi access point or survey nearby channels), and only affects OpenWrt versions newer than 23.05/22.03 up to the patched releases (24.10.6 and 25.12.1). The issue has been fixed in version LuCI 26.072.65753~068150b."}], "source": {"advisory": "GHSA-vvj6-7362-pjrw", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-24T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-32721"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T03:56:15.781Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32721", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-20T17:33:24.319038Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-20T17:33:46.277Z"}}], "cna": {"title": "LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal", "source": {"advisory": "GHSA-vvj6-7362-pjrw", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "openwrt", "product": "luci", "versions": [{"status": "affected", "version": "< 26.072.65753~068150b"}]}, {"vendor": "openwrt", "product": "openwrt", "versions": [{"status": "affected", "version": "< 24.10.6"}, {"status": "affected", "version": ">= 25.12.0, < 25.12.1"}]}], "references": [{"url": "https://github.com/openwrt/luci/security/advisories/GHSA-vvj6-7362-pjrw", "name": "https://github.com/openwrt/luci/security/advisories/GHSA-vvj6-7362-pjrw", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/openwrt/luci/commit/068150ba5f524ef6b03817b258d31ec310053fd6", "name": "https://github.com/openwrt/luci/commit/068150ba5f524ef6b03817b258d31ec310053fd6", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/openwrt/luci/commit/cdce600aaec66f762f18d608c74cbf3abcafe1c7", "name": "https://github.com/openwrt/luci/commit/cdce600aaec66f762f18d608c74cbf3abcafe1c7", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passes SSIDs via a template literal to dom.append(), which processes them through innerHTML, allowing an attacker to craft a malicious SSID containing arbitrary HTML/JavaScript. Exploitation requires the user to actively open the wireless scan modal (e.g., to connect to a Wi-Fi access point or survey nearby channels), and only affects OpenWrt versions newer than 23.05/22.03 up to the patched releases (24.10.6 and 25.12.1). The issue has been fixed in version LuCI 26.072.65753~068150b."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-19T22:46:43.909Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32721", "state": "PUBLISHED", "dateUpdated": "2026-03-25T03:56:15.781Z", "dateReserved": "2026-03-13T15:02:00.625Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-19T22:46:43.909Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openwrt:luci:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9CC9A18-0DFA-4B5D-805A-A1529F23D4C8", "versionEndExcluding": "26.072.65753-068150b", "vulnerable": true}, {"criteria": "cpe:2.3:o:openwrt:openwrt:*:*:*:*:*:*:*:*", "matchCriteriaId": "12B5818C-BB4D-4486-9C53-7FCA8EF2EDA8", "versionEndExcluding": "24.10.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:openwrt:openwrt:*:*:*:*:*:*:*:*", "matchCriteriaId": "061FA3CA-10C0-4EF2-8566-E623964CAE79", "versionEndExcluding": "25.12.1", "versionStartIncluding": "25.12.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LuCI is the OpenWrt Configuration Interface. Versions prior to both 24.10.5 and 25.12.0, contain a stored XSS vulnerability in the wireless scan modal, where SSID values from scan results are rendered as raw HTML without any sanitization. The wireless.js file in the luci-mod-network package passes SSIDs via a template literal to dom.append(), which processes them through innerHTML, allowing an attacker to craft a malicious SSID containing arbitrary HTML/JavaScript. Exploitation requires the user to actively open the wireless scan modal (e.g., to connect to a Wi-Fi access point or survey nearby channels), and only affects OpenWrt versions newer than 23.05/22.03 up to the patched releases (24.10.6 and 25.12.1). The issue has been fixed in version LuCI 26.072.65753~068150b."}, {"lang": "es", "value": "LuCI es la interfaz de configuraci\u00f3n de OpenWrt. Las versiones anteriores a la 24.10.5 y a la 25.12.0 contienen una vulnerabilidad de XSS almacenado en el modal de escaneo inal\u00e1mbrico, donde los valores de SSID de los resultados del escaneo se renderizan como HTML sin procesar sin ninguna sanitizaci\u00f3n. El archivo wireless.js en el paquete luci-mod-network pasa los SSID a trav\u00e9s de un literal de plantilla a dom.append(), que los procesa a trav\u00e9s de innerHTML, permitiendo a un atacante crear un SSID malicioso que contenga HTML/JavaScript arbitrario. La explotaci\u00f3n requiere que el usuario abra activamente el modal de escaneo inal\u00e1mbrico (por ejemplo, para conectarse a un punto de acceso Wi-Fi o para explorar canales cercanos), y solo afecta a las versiones de OpenWrt posteriores a la 23.05/22.03 hasta las versiones parcheadas (24.10.6 y 25.12.1). El problema ha sido solucionado en la versi\u00f3n LuCI 26.072.65753~068150b."}], "id": "CVE-2026-32721", "lastModified": "2026-04-14T17:49:24.540", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-19T23:16:44.030", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openwrt/luci/commit/068150ba5f524ef6b03817b258d31ec310053fd6"}, {"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/openwrt/luci/commit/cdce600aaec66f762f18d608c74cbf3abcafe1c7"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/openwrt/luci/security/advisories/GHSA-vvj6-7362-pjrw"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "LuCI: luci-mod-network: OpenWrt: openwrt/luci: LuCI: Arbitrary code execution via malicious Wi-Fi SSID in wireless scan modal", "id": "2449305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449305"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-79", "details": ["A flaw was found in LuCI, the OpenWrt Configuration Interface. A remote attacker can exploit a stored Cross-Site Scripting (XSS) vulnerability in the wireless scan modal by crafting a malicious Wi-Fi network name (SSID). When a user opens the wireless scan modal, the unsanitized SSID is rendered as raw HTML, allowing the attacker to execute arbitrary HTML or JavaScript code in the user's browser. This can lead to information disclosure or other malicious activities."], "name": "CVE-2026-32721", "public_date": "2026-03-19T22:46:43Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32721\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32721\nhttps://github.com/openwrt/luci/commit/068150ba5f524ef6b03817b258d31ec310053fd6\nhttps://github.com/openwrt/luci/commit/cdce600aaec66f762f18d608c74cbf3abcafe1c7\nhttps://github.com/openwrt/luci/security/advisories/GHSA-vvj6-7362-pjrw"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,26.072.65753~068150b)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "luci", "source": "cna", "vendor": "openwrt"}, "product": "luci", "vendor": "openwrt"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,24.10.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[25.12.0,25.12.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "openwrt", "source": "cna", "vendor": "openwrt"}, "product": "openwrt", "vendor": "openwrt"}], "analysis": {"en": {"generated_at": "2026-04-14T21:12:20.135975+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest LuCI version, at least 24.10.6, 25.12.1, or newer revision 26.072.65753~068150b, which removes the vulnerable code.", "Confirm that the luci-mod-network package has been replaced and no older versions remain installed."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting that allows an attacker to inject and execute arbitrary script within the user\u2019s LuCI interface when a WiFi scan modal is opened."}, "threat_synthesis": {"affected_systems": "The vulnerability affects OpenWrt LuCI installations that use the luci-mod-network package and run LuCI versions earlier than 24.10.5 or 25.12.0. It applies to OpenWrt releases newer than 23.05/22.03 up to the patched releases 24.10.6, 25.12.1, and subsequently to any newer builds that include the LuCI 26.072.65753~068150b update. Devices running these openwrt releases are therefore impacted unless updated.", "description_and_impact": "A stored XSS flaw exists in the LuCI wireless scan modal. SSIDs returned from a scan are inserted into the page via a template literal that feeds raw text into innerHTML without sanitization. An attacker can broadcast a rogue access point with a malicious SSID that contains arbitrary HTML or JavaScript, which will be rendered when a user opens the scan modal and the page processes the SSID. This can lead to session hijacking, credential theft, or arbitrary code execution with the privileges of the logged\u2011in user.", "risk_and_exploitability": "The CVSS score is 8.6, categorising the issue as high severity. Exploitation requires human interaction: the victim must open the wireless scan modal while connected to or within range of an access point broadcasting a malicious SSID. The EPSS probability is below 1\u202f%, indicating a low likelihood of immediate widespread use. The flaw is not currently listed in the CISA KEV catalog. Attackers would need to control SSID broadcasting and motivate the user to open the scan modal, making exploitation more complex but still feasible in targeted scenarios."}}}}, "created": "2026-03-20T08:54:38.168311+00:00", "updated": "2026-04-15T16:45:09.824774+00:00", "vendors": ["openwrt", "openwrt$PRODUCT$luci", "openwrt$PRODUCT$openwrt"]}