CVE-CVE-2026-24838 | CRITICAL Severity | CVEDatabase.com

Description

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the issue.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: high
User Action: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-79

Metadata

Primary Vendor: MICROSOFT
Published: 1/28/2026
Last Modified: 1/29/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

Microsoft : Undergoing Analysis

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD