` could break out of the script tag and execute attacker-controlled JavaScript in the Control UI origin. Version 2026.2.15 removed inline script injection and serve bootstrap config from a JSON endpoint and added a restrictive Content S...","inLanguage":"en-US","mainEntityOfPage":{"@type":"WebPage","@id":"https://intel.enki-guard.com/vulnerability/CVE-2026-27009-openclaw-stored-cross-site-scripting"},"url":"https://intel.enki-guard.com/vulnerability/CVE-2026-27009-openclaw-stored-cross-site-scripting","identifier":"CVE-2026-27009","keywords":"CVE-2026-27009, CVE, vulnerability, security advisory, Medium severity","about":{"@type":"Thing","name":"CVE-2026-27009","identifier":"CVE-2026-27009"},"author":{"@type":"Organization","name":"AnKi Security OÜ","url":"https://anki-security.com"},"publisher":{"@type":"Organization","name":"Enki CVE Intelligence","url":"https://intel.enki-guard.com","logo":{"@type":"ImageObject","url":"https://intel.enki-guard.com/og/static/home.png"}},"datePublished":"2026-02-20T00:16:17+00:00","dateModified":"2026-02-20T17:41:44+00:00","image":"https://intel.enki-guard.com/og/cve/CVE-2026-27009.png"}