A vulnerability categorized as problematic has been discovered in apostrophecms apostrophe up to 2.17.4 . This affects the function naughtyHref of the component API . The manipulation results in cross site scripting. This vulnerability is reported as CVE-2026-53606 . The attack can be launched remotely. No exploit exists. It is advisable to upgrade the affected component.