What is the severity of CVE-2026-23643?

CVE-2026-23643 has a CVSS v3 score of 5.4, which is classified as Medium severity.

Is there an exploit available for CVE-2026-23643?

No known public exploits are currently available for CVE-2026-23643.

Is there a patch available for CVE-2026-23643?

Yes, patches are available for CVE-2026-23643. Check the vendor advisories for update instructions.

CVE-2026-23643 - CVE Details, Severity, and Analysis

Q: What is CVE-2026-23643?

### Impact The `PaginatorHelper::limitControl()` method has a cross-site-scripting vulnerability via query string parameter manipulation. ### Patches This issue has been fixed in 5.2.12 and 5.3.1 ### Workarounds If you are unable to upgrade, you should avoid using `Paginator::limitControl()` until you can upgrade.

Published: January 26, 2026

Last updated:1 day ago (January 26, 2026)

Updated January 26, 2026

no major risk factors

Impact

The PaginatorHelper::limitControl() method has a cross-site-scripting vulnerability via query string parameter manipulation.

Patches

This issue has been fixed in 5.2.12 and 5.3.1

Workarounds

If you are unable to upgrade, you should avoid using Paginator::limitControl() until you can upgrade.

Strobes VI. (2026). CVE-2026-23643 - CVE Details and Analysis. Strobes VI. Retrieved January 27, 2026, from https://vi.strobes.co/cve/CVE-2026-23643