CVE-2026-41282

· NIST NVD ↗

ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration).

MEDIUM
CVSS severity
4
CVSS base score
2026-04-20
Published

CWE codes

CWE-94

Affected products

projectdiscovery:nuclei

Sources