PulsePatch.io on Horizon: "`OpenBao` is vulnerable to Reflected XSS (CVE-2026-33758) via OIDC authenticatio"

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

`OpenBao` is vulnerable to Reflected XSS (CVE-2026-33758) via OIDC authentication error messages. This can lead to client-side script execution. Monitor for updates. #OpenBao #XSS #infosec pulsepatch.io/posts/cve-2026…

2:57 PM · Mar 27, 2026 · 28 Views