1. CVE-2026-44665: Attribute Injection Flaw in fast-xml-builder Enables XSS via Malformed XML Processing
A high-severity vulnerability, CVE-2026-44665, has been identified in the fast-xml-builder npm package (versions prior to 1.1.7), exposing applications to attribute injection attacks. The flaw, detected by Trivy security scanning, stems from improper handling of quotes within XML attribute values when entity processing...