Ubuntu 26.04 LTS libtemplate-perl Critical HTML Injection Vuln 8377-1
Jun 03, 2026
•
LinuxSecurity Advisories
1 - 2 min read
Topics Covered
Template-Toolkit could allow arbitrary HTML and JavaScript to be injected into generated output.
========================================================================== Ubuntu Security Notice USN-8377-1 June 03, 2026 libtemplate-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Template-Toolkit could allow arbitrary HTML and JavaScript to be injected into generated output. Software Description: - libtemplate-perl: template processing system in Perl Details: It was discovered that Template-Toolkit did not properly escape single quotes in the html_filter function of Template::Plugin::HTML. An attacker could possibly use this issue to inject arbitrary HTML and JavaScript into generated output. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libtemplate-perl 3.102-1ubuntu0.1 Ubuntu 25.10 libtemplate-perl 2.27-1ubuntu0.25.10.1 Ubuntu 24.04 LTS libtemplate-perl 2.27-1ubuntu0.24.04.1 Ubuntu 22.04 LTS libtemplate-perl 2.27-1ubuntu0.22.04.1 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8377-1 CVE-2026-5090 Package Information: https://launchpad.net/ubuntu/+source/libtemplate-perl/3.102-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.22.04.1
PREVIOUS
NEXT
Ubuntu 26.04 LTS libtemplate-perl Critical HTML Injection Vuln 8377-1
ubuntu
June 3, 2026
Template-Toolkit could allow arbitrary HTML and JavaScript to be injected into generated output.
Summary
A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Template-Toolkit could allow arbitrary HTML and JavaScript to be injected into generated output. Software Description: - libtemplate-perl: template processing system in Perl Details: It was discovered that Template-Toolkit did not properly escape single quotes in the html_filter function of Template::Plugin::HTML. An attacker could possibly use this issue to inject arbitrary HTML and JavaScript into generated output.
Topics Covered
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libtemplate-perl 3.102-1ubuntu0.1 Ubuntu 25.10 libtemplate-perl 2.27-1ubuntu0.25.10.1 Ubuntu 24.04 LTS libtemplate-perl 2.27-1ubuntu0.24.04.1 Ubuntu 22.04 LTS libtemplate-perl 2.27-1ubuntu0.22.04.1 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8377-1
CVE-2026-5090
Severity
critical
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8377-1
Topics Covered
Package Information
https://launchpad.net/ubuntu/+source/libtemplate-perl/3.102-1ubuntu0.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.25.10.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.24.04.1 https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.22.04.1
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!