Nixpkgs security tracker

Untriaged

Permalink CVE-2026-6216

3.5 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 1 day, 2 hours ago

DbGate SVG Icon String FontIcon.svelte cross site scripting

A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 7.1.5 mitigates this issue. It is advisable to upgrade the affected component.

References

VDB-357135 | DbGate SVG Icon String FontIcon.svelte cross site scripting vdb-entrytechnical-description
VDB-357135 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
Submit #785841 | DbGate DbGate Premium 7.1.4 Remote code execution via Stored XSS third-party-advisory
https://github.com/dbgate/dbgate/releases/tag/v7.1.5 patch
https://github.com/dbgate/dbgate/ product

Affected products

DbGate

==7.1.0
==7.1.3
==7.1.4
==7.1.5
==7.1.2
==7.1.1

Matching in nixpkgs

pkgs.dbgate

Database manager for MySQL, PostgreSQL, SQL Server, MongoDB, SQLite and others

nixos-unstable 6.6.9
- nixpkgs-unstable 6.6.9
- nixos-unstable-small 6.6.9
nixos-25.11 6.6.9
- nixos-25.11-small 6.6.9
- nixpkgs-25.11-darwin 6.6.9

Package maintainers

@luftmensch-luftmensch Valentino Bocchetti <valentinobocchetti59@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.dbgate

Package maintainers