CVE-2026-32722
MEDIUM WAF: High
CVSS 6.1
Published: 2026-03-18
CWE-79
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript execution when a victim opened the generated report in a browser. Version 1.19.2 fixes the issue.
WAF Coverage Analysis
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| bloomberg | memray | up to 1.19.2 |
References
- github.com (Patch)
- github.com (Product, Release Notes)
- github.com (Exploit, Vendor Advisory)