CVE-2026-26378

CVSS Score Not Available

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features

Published: 6/3/2026

Modified: 6/3/2026

Back to CVE Lookup

Vulnerability Summary

Learn More

CVSS Calculator

Calculate and understand CVSS scores

Understanding CVSS Scoring

Learn how severity scores are calculated and what they mean

CVE Prioritization Guide

Best practices for deciding which vulnerabilities to address first

What is a CVE?

Essential guide to Common Vulnerabilities and Exposures