Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 536
Alerts This Week
Warning Icon 1 536

Ubuntu 26.04 Template-Toolkit Significant HTML Injection Flaw USN-8377-1

ubuntu
Calendar Grey June 3, 2026
Scroller Ubuntu
Template-Toolkit in Ubuntu allows HTML/JavaScript injections. Update recommended to avoid security risks and vulnerabilities.
Template-Toolkit could allow arbitrary HTML and JavaScript to be injected into generated output.

Summary

Template-Toolkit could allow arbitrary HTML and JavaScript to be injected

into generated output.

Software Description:

- libtemplate-perl: template processing system in Perl

Details:

It was discovered that Template-Toolkit did not properly escape single

quotes in the html_filter function of Template::Plugin::HTML. An attacker

could possibly use this issue to inject arbitrary HTML and JavaScript into

generated output.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  libtemplate-perl                3.102-1ubuntu0.1

Ubuntu 25.10
  libtemplate-perl                2.27-1ubuntu0.25.10.1

Ubuntu 24.04 LTS
  libtemplate-perl                2.27-1ubuntu0.24.04.1

Ubuntu 22.04 LTS
  libtemplate-perl                2.27-1ubuntu0.22.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8377-1

CVE-2026-5090

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8377-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.