A vulnerability was found in Apache Storm UI up to 2.8.5 . It has been rated as problematic . Affected by this vulnerability is the function parseNode/parseEdge of the component Topology Metadata Handler . This manipulation causes cross site scripting. The identification of this vulnerability is CVE-2026-35565 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.