CVE-2026-55596 - Plate: Media embed provider metadata can bypass URL sanitization and execute iframe JavaScript
CVE ID :CVE-2026-55596 Published : July 8, 2026, 9:16 p.m. | 1 hour, 58 minutes ago Description :Plate is a rich-text editor with AI and shadcn/ui. From 53.0.0 until 53.1.4, the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl...