SCA: security update for tarteaucitronjs (GHSA-q5f6-qxm2-mcqm)

Medium severity; Tenable Self-Hosted Container Security; Plugin ID 436746

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- tarteaucitron.js is a compliant and accessible cookie banner. Prior to 1.29.0, a Regular Expression Denial
of Service (ReDoS) vulnerability was identified in tarteaucitron.js in the handling of the issuu_id
parameter. This vulnerability is fixed in 1.29.0. (CVE-2026-22809)

See Also

https://github.com/advisories/GHSA-q5f6-qxm2-mcqm

Plugin Details

Severity: Medium

ID: 436746

Version: Revision 1.8

Type: Local

Family: SCA Checks

Published: 1/14/2026

Updated: 6/1/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Medium

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:L/AC:L/Au:M/C:N/I:N/A:C

CVSS Score Source: CVE-2026-22809

CVSS v3

Risk Factor: Medium

Base Score: 4.4

Temporal Score: 3.9

Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 1/13/2026

Vulnerability Publication Date: 1/13/2026

Reference Information

CVE: CVE-2026-22809