CVE-2026-22209 - CVE Details, Severity, and Analysis | Strobes VI
CVE-2026-22209
Published: May 26, 2026
Last updated: May 26, 2026
Exploit: No
Zero-day: No
Patch: Yes
TL;DR
CVE-2026-22209 is a medium severity vulnerability with a CVSS score of 5.5. There are no known exploits at present, and patches are available.
Key Points
1. Medium severity (CVSS 5.5/10)
2. No known public exploits
Severity Scores
CVSS v3: 5.5
CVSS v2: 0.0
Priority Score: 285.0
EPSS Score: 0.0
Medium
Cite This Page
APA Format
Strobes VI. (2026). CVE-2026-22209 - CVE Details and Analysis. Strobes VI. Retrieved May 30, 2026, from https://vi.strobes.co/cve/CVE-2026-22209
EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.
Description
wpDiscuz before 7.6.47 contains a cross-site scripting vulnerability in the customCss field that allows administrators to inject malicious scripts by breaking out of style tags. Attackers with admin access can inject payloads like </style><script>alert(1)</script> in the custom CSS setting to execute arbitrary JavaScript in user browsers.