HOMEVULNERABILITIESCVE-2026-2276
MEDIUM

CVE-2026-2276

CWE-79Published: February 12, 2026· Updated: Feb 12, 2026

5.3
CVSS v3.1
EPSS:0.02%probability of exploitation in 30 daysPercentile:4.0th

Official Description

Reflected Cross-Site Scripting (XSS) vulnerability in the Wix web application, where the endpoint ' https://manage.wix.com/account/account-settings ', responsible for uploading SVG images, does not properly sanitize the content. An authenticated attacker could upload an SVG file containing embedded JavaScript code, which is stored and subsequently executed when other users view the image. Exploiting this vulnerability allows arbitrary code to be executed in the context of the victim's browser, which could lead to the disclosure of sensitive information or the abuse of the affected user's session.

NVD Source

Technical Analysis

CVE-2026-2276 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

From a weakness classification perspective (CWE-79): Cross-site scripting (XSS) vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeX
Impact
Confidentiality
Integrity
Availability
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

News & Research Mentioning CVE-2026-2276

Fed agencies ordered to patch Dell bug by Saturday after exploitation warning
The Record· Feb 18, 2026

Dell and Google released notices on Tuesday about CVE-2026-22769, warning that a sophisticated Chinese actor has been targeting the bug since at least mid-2024. [xlite_meta score:56 src:The Record xlite_fp:83a71e3c742bf8d1c588e613eea818c0b34d5f3b8832c58bcd14dc8c969ec853]

CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA Alerts· Feb 18, 2026

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2021-22175 GitLab Server-Side Request Forgery (SSRF) Vulnerability CVE-2026-22769 Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive [xlite_meta score:51 src:CISA Alerts xlite_fp:2312edec4bd01cf3701650d4424a63734849126101967e9e5493d26777a51e21]

Dell RecoverPoint for VMs Zero-Day CVE-2026-22769 Exploited Since Mid-2024
The Hacker News· Feb 18, 2026

A maximum severity security vulnerability in Dell RecoverPoint for Virtual Machines has been exploited as a zero-day by a suspected China-nexus threat cluster dubbed UNC6201 since mid-2024, according to a new report from Google Mandiant and Google Threat Intelligence Group (GTIG). The activity involves the exploitation of CVE-2026-22769 (CVSS score: 10.0), a case of hard-coded credentials [xlite_meta score:49 src:The Hacker News xlite_fp:7edbb7259c4297c1edc51c84b43bef8fa9411c10915e904bcf6e6820ff07319f]

Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage Group
SecurityWeek· Feb 18, 2026

GTIG and Mandiant said the zero-day tracked as CVE-2026-22769 has been exploited by UNC6201 since at least 2024. The post Dell RecoverPoint Zero-Day Exploited by Chinese Cyberespionage Group appeared first on SecurityWeek. [xlite_meta score:46 src:SecurityWeek xlite_fp:79bb126a00d2867b70fae9cfd5c439bb2fd0435235583d11ac99675676335f6b]

From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
Mandiant Blog· Feb 17, 2026

Written by: Peter Ukhanov, Daniel Sislo, Nick Harbour, John Scarbrough, Fernando Tomlinson, Jr., Rich Reece Introduction Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769, with a CVSSv3.1 score of 10.0. Analysis of incident response engagements revealed that UNC6201, a suspected PRC-nexus threat cluster, has exploited this flaw since at least mid-2024 to move laterally, maintain persistent access, and deploy malware including SLAYSTYLE, BRICKSTORM, and a novel backdoor tracked as GRIMBOLT. The initial access vector for these incidents was not confirmed, but UNC6201 is known to target edge appliances (such as VPN concentrators) for initial access. There are notable overlaps between UNC6201 and UNC5221, which has been used synonymously with the actor publicly reported as Silk Typhoon, although GTIG does not currently consider the two clusters to b

All References (1)

Quick Facts

CVE IDCVE-2026-2276
CVSS Score5.3 / 10
SeverityMEDIUM
WeaknessCWE-79
CISA KEVNo
EPSS (30d)0.02%
PublishedFeb 12, 2026

Related CVEs (CWE-79)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-2276 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.