Cyber Posture

CVE-2026-1819

High

Published: 04 February 2026
Modified: 15 April 2026
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (21.5th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-1819 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Gov (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185). The CVE ranks at the 21.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Threat & Defense at a Glance

What attackers do: exploitation maps to Browser Session Hijacking (T1185) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Directly addresses improper neutralization of input during web page generation by requiring filtering of outputs to prevent execution of stored malicious scripts.

prevent: Requires validation of user inputs to block injection of malicious scripts that could be stored and later served to other users.

prevent: Mandates timely identification, reporting, and correction of the specific flaw enabling stored XSS in ViPort.

MITRE ATT&CK Enterprise Techniques

T1185 Browser Session Hijacking (tactic: Collection)
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.

T1059.007 JavaScript (tactic: Execution)
Adversaries may abuse various implementations of JavaScript for execution.

Why these techniques?

Stored XSS directly enables persistent malicious JavaScript execution in victim browsers (T1059.007) and facilitates session hijacking (T1185) as described in the CVE impacts.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Karel Electronics Industry and Trade Inc. ViPort allows Stored XSS. This issue affects ViPort: through 23012026.

Deeper analysis

CVE-2026-1819 is an Improper Neutralization of Input During Web Page Generation vulnerability, enabling Stored Cross-site Scripting (XSS), in Karel Electronics Industry and Trade Inc. ViPort. This issue affects ViPort versions through 23012026 and is associated with CWE-79. The vulnerability has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low complexity, and significant impacts across confidentiality, integrity, and availability.

An authenticated attacker with low privileges can exploit this Stored XSS vulnerability remotely without requiring user interaction. By injecting malicious scripts into the application, the attacker can have them stored and served to other users viewing affected web pages, potentially leading to session hijacking, data theft, or unauthorized actions on behalf of victims.

The primary advisory is available from USOM at https://www.usom.gov.tr/bildirim/tr-26-0017, which provides notification details on the vulnerability. No specific patch or mitigation steps beyond the advisory reference are detailed in available information.

Details

CWE(s)

Affected Products

Gov
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-24838 (shared CWE-79)
CVE-2025-1401 (shared CWE-79)
CVE-2024-56018 (shared CWE-79)
CVE-2024-56036 (shared CWE-79)
CVE-2025-22598 (shared CWE-79)
CVE-2025-0555 (shared CWE-79)
CVE-2025-24541 (shared CWE-79)
CVE-2026-24744 (shared CWE-79)
CVE-2025-10553 (shared CWE-79)
CVE-2025-23553 (shared CWE-79)

References