A vulnerability described as problematic has been identified in stonith404 pingvin-share up to 1.13.0 . This affects the function getServerSideProps of the file frontend/src/pages/auth/signIn.tsx of the component Sign-in Auto-Redirect . The manipulation of the argument redirect results in cross site scripting. This vulnerability was named CVE-2026-9519 . The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not