NetBox Cross-Site Scripting Vulnerability Advisory

CERT-Bund has released security advisory WID-SEC-2026-0736 concerning a critical vulnerability in NetBox, specifically affecting version 4.3.5. The vulnerability, rated with a CVSS Base Score of 6.1, allows remote, anonymous attackers to perform Cross-Site Scripting (XSS) attacks. The advisory applies to NetBox installations running on Linux and UNIX operating systems.

Organizations using NetBox version 4.3.5 should immediately review their systems for potential compromise and apply available security patches or mitigations as recommended by the vendor. While the advisory does not specify a compliance deadline, prompt action is advised to prevent exploitation and maintain the security of network documentation and management infrastructure. Failure to address this vulnerability could lead to unauthorized access or data manipulation.