Ubuntu 26.04 Template-Toolkit Significant HTML Injection Flaw USN-8377-1
ubuntu
June 3, 2026
Template-Toolkit could allow arbitrary HTML and JavaScript to be injected into generated output.
Summary
Template-Toolkit could allow arbitrary HTML and JavaScript to be injected
into generated output.
Software Description:
- libtemplate-perl: template processing system in Perl
Details:
It was discovered that Template-Toolkit did not properly escape single
quotes in the html_filter function of Template::Plugin::HTML. An attacker
could possibly use this issue to inject arbitrary HTML and JavaScript into
generated output.
Update Instructions
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS libtemplate-perl 3.102-1ubuntu0.1 Ubuntu 25.10 libtemplate-perl 2.27-1ubuntu0.25.10.1 Ubuntu 24.04 LTS libtemplate-perl 2.27-1ubuntu0.24.04.1 Ubuntu 22.04 LTS libtemplate-perl 2.27-1ubuntu0.22.04.1 In general, a standard system update will make all the necessary changes.
References
https://ubuntu.com/security/notices/USN-8377-1
CVE-2026-5090
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Ubuntu Security Notice USN-8377-1
Package Information
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!