Security News

Cybersecurity news aggregator

🔓
MEDIUM Vulnerabilities Ubuntu Security

USN-8276-1: Highlight.js vulnerability

cve-2026-5678javascriptsecurity-flawcve-2020-26237
  • What: Prototype pollution vulnerability in highlight.js
  • Impact: Could lead to denial of service or unexpected application behavior
Read Full Article →

Ubuntu Security Notices USN-8276-1 USN-8276-1: Highlight.js vulnerability Publication date 19 May 2026 Overview Highlight.js could be made to crash if it received specially crafted input. Releases 20.04 LTS 18.04 LTS 16.04 LTS Open side navigation Close side navigation Packages Details Update instructions References Packages highlight.js - JavaScript syntax highlighter Details It was discovered that Highlight.js used plain JavaScript objects for internal language name lookups, making them susceptible to prototype pollution attacks. An attacker could use this to cause a denial of service or unexpected application behaviour. It was discovered that Highlight.js used plain JavaScript objects for internal language name lookups, making them susceptible to prototype pollution attacks. An attacker could use this to cause a denial of service or unexpected application behaviour. Update instructions In general, a standard system update will make all the necessary changes. Learn more about how to get the fixes. The problem can be corrected by updating your system to the following package versions: Ubuntu Release Package Version 20.04 LTS focal libjs-highlight.js – 9.12.0+dfsg1-5ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. node-highlight.js – 9.12.0+dfsg1-5ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. 18.04 LTS bionic libjs-highlight.js – 9.12.0+dfsg1-4ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. node-highlight.js – 9.12.0+dfsg1-4ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. 16.04 LTS xenial libjs-highlight.js – 8.2+ds-4ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. node-highlight.js – 8.2+ds-4ubuntu0.1~esm1 Ubuntu Pro Fix available with Ubuntu Pro via ESM Apps. A community fix might become publicly available in the future. Reduce your security exposure Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines. Get Ubuntu Pro References CVE-2020-26237 CVE-2020-26237

Related Articles

CRITICAL Critical flaw in Protobuf library enables JavaScript code execution BleepingComputer MEDIUM USN-8325-1: tgt vulnerability Ubuntu Security
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn