Linuxsecurity
Fedora 43 and 44 Address Critical XSS Vulnerability in Python-Postorius
Fedora has released updates for the python-postorius package to address a critical cross-site scripting (XSS) vulnerability identified as CVE-2026-44742. This vulnerability allows attackers to exploit unescaped HTML in message subjects, potentially affecting users of the Fedora operating system. The updates, version 1.3.13, were backported to mitigate this issue and are available for installation via the 'dnf' package manager. Users are urged to upgrade to the latest version to protect against potential exploitation. The vulnerability was published on May 7, 2026, and affects all versions prior to the fix. The updates were confirmed by Fedora's release engineering team and the Python maintainers.
Key Points:
• Fedora 43 and 44 released updates to fix CVE-2026-44742, a critical XSS flaw.
• The vulnerability allows for cross-site scripting via unescaped HTML in message subjects.
• Users are advised to upgrade to version 1.3.13 to mitigate the risk of exploitation.