CVE•Published 2026-05-28•Modified 2026-06-01•0 articles on news•5 live references•NVD data

CVE-2026-9646

Vulnerability data via NVD (ingested)

CVSS v3.1

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS percentile

—

Weaknesses (CWE)

CWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Description

A reflected cross-site scripting issue exists in URL handling.

Timeline

Published 2026-05-28

Modified 2026-06-01

External references

NVD MITRE Exploit-DB Sploitus VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-9646

Hosts Shodan has explicitly fingerprinted as vulnerable.

More intel sources (5)

Shodan report

vuln:CVE-2026-9646

Country / ASN / product breakdown for the vuln query.

Censys

vulnerabilities.cve_id: CVE-2026-9646

Censys host search filtered to this CVE id.

grep.app

CVE-2026-9646

Public source-code mentions — fast PoC discovery.

GitHub code

CVE-2026-9646

GitHub code search for direct mentions.

Google dork

"CVE-2026-9646" exploit -site:nvd.nist.gov

Write-ups and news, NVD excluded.

Known PoCs on GitHub (1)

CVE-2026-96461 repo

lintsinghua/DeepAuditPython

DeepAudit：人人拥有的 AI 黑客战队，让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行，自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署，一键生成报告。支持中转站。让安全不再昂贵，让审计不再复杂。

★ 6,351·updated 2mo ago

We haven't classified any articles referencing CVE-2026-9646 yet. The external references above still apply.