A vulnerability labeled as problematic has been found in nukeviet CMS up to 4.5.7 . Affected is an unknown function of the component Contact Module . The manipulation results in cross site scripting. This vulnerability was named CVE-2026-41147 . The attack may be performed from remote. There is no available exploit. The affected component should be upgraded.