A vulnerability identified as problematic has been detected in hackage-server and hackage.haskell.org up to 0.5 . Affected by this issue is some unknown functionality. Performing a manipulation results in cross site scripting. This vulnerability is identified as CVE-2026-40470 . The attack can be initiated remotely. There is not any exploit available. You should upgrade the affected component.