CVE-2026-47760 - TinyMCE nested SVG sanitizer XSS
TinyMCE disclosed a stored XSS issue in the editor sanitizer for TinyMCE 6.8.x through 7.0.x. Improper SVG namespace scope handling can let crafted nested markup bypass attribute sanitization and become scriptable when stored content is rendered.
The risky shape is not merely “TinyMCE is installed.” It is a multi-user rich text surface where less-trusted authors can submit HTML, SVG-capable content, pasted markup, imports, or editor output that is later viewed by admins, reviewers, customers, anonymous visitors, email recipients, exports, or mobile/webview clients.
When to use it
Use this recipe when a product uses TinyMCE in a multi-user rich-text surface where SVG, pasted HTML, imported HTML, model output, markdown conversions, or stored editor content can be rendered to another user. It is designed for source-code remediation, TinyMCE upgrade review, SVG/sanitizer boundary hardening, stored-content cleanup planning, and evidence that nested SVG or namespace-sensitive markup remains inert.
Inputs
- TinyMCE version, lockfiles, vendored/CDN assets, editor plugin/config state, SVG/custom-element policy, sanitizer configuration, CSP, iframe sandboxing, and generated dependency reports.
- Source paths that configure TinyMCE, enable SVG/custom elements, accept pasted or imported HTML, sanitize content, render previews, exports, emails, PDFs, or mobile/webview content.
- Regression fixtures for benign rich text, nested SVG, namespace-sensitive
markup,
foreignObject, JavaScript URLs, event handlers, unsafe CSS, and post-sanitization reparsing. - Boundary evidence: rich-text authors, privileged viewers, tenant crossing, stored-content migration plan, content ownership, logs, and rollout owner.
Affected versions
- Vulnerable packages:
tinymce(npm),tinymce/tinymce(Composer), andTinyMCE(NuGet) - Vulnerable range:
>=6.8.0, <7.1.0 - Fixed version:
7.1.0+; for active production deployments, prefer a currently supported fixed line such as7.9.3+or8.5.1+when compatible - Affected surface: stored or replayed rich-text HTML where SVG and nested namespace-sensitive elements can pass through TinyMCE parsing or a downstream render path
- Higher-risk viewers: admin consoles, moderation queues, tenant-crossing portals, knowledge bases, support tools, email/PDF exports, and AI-generated content review screens
Indicator-of-exposure
- The repository depends on, vendors, bundles, CDN-pins, or deploys TinyMCE
>=6.8.0, <7.1.0. - Users outside the trusted developer/operator group can submit rich text, imported HTML, pasted HTML, CMS pages, comments, tickets, product descriptions, support replies, markdown-to-HTML output, email templates, or model-generated content for TinyMCE-backed editing.
- Stored editor content is rendered to other users through normal pages, previews, admin review screens, exports, emails, PDFs, mobile/webviews, or customer support tools.
- The app allows SVG, SVG-like markup,
foreignObject, broad custom elements, broadvalid_elements/extended_valid_elements, or post-sanitization transforms that can reparse sanitized HTML. - Server-side sanitization, CSP, iframe sandboxing, or render tests do not explicitly cover nested SVG and namespace-confusion content.
Quick checks:
rg -n "tinymce|TinyMCE|svg|foreignObject|valid_elements|extended_valid_elements|custom_elements|sanitize|DOMPurify|HtmlSanitizer|bleach|sanitize-html|innerHTML|dangerouslySetInnerHTML|wysiwyg|rich text|markdown|preview|export" .
npm ls tinymce
pnpm why tinymce
yarn why tinymce
composer show tinymce/tinymce
dotnet list package | rg -i "tinymce"
rg -n "tinymce|TinyMCE|svg|foreignObject|valid_elements|extended_valid_elements|custom_elements" package.json package-lock.json pnpm-lock.yaml yarn.lock composer.json composer.lock *.csproj static public assets src app resources templates . 2>/dev/null
Windows:
rg -n "tinymce|TinyMCE|svg|foreignObject|valid_elements|extended_valid_elements|custom_elements|sanitize|DOMPurify|HtmlSanitizer|bleach|sanitize-html|innerHTML|dangerouslySetInnerHTML|wysiwyg|rich text|markdown|preview|export" .
npm ls tinymce
pnpm why tinymce
yarn why tinymce
composer show tinymce/tinymce
dotnet list package | rg -i "tinymce"
rg -n "tinymce|TinyMCE|svg|foreignObject|valid_elements|extended_valid_elements|custom_elements" package.json package-lock.json pnpm-lock.yaml yarn.lock composer.json composer.lock *.csproj static public assets src app resources templates .
Do not publish exploit HTML, execute JavaScript payloads, open unsafe stored content in a privileged browser, paste payloads into production editors, or dump user-authored content into logs or commits.
Remediation strategy
- Upgrade every controlled TinyMCE package, vendored asset, CDN URL, lockfile,
SBOM, generated dependency report, and rendered deployment artifact away from
>=6.8.0, <7.1.0. Use7.1.0+at minimum, and prefer a later supported fixed line such as7.9.3+or8.5.1+when compatible. - Keep or add server-side HTML sanitization for stored content. Do not rely on the client editor as the only trust boundary for multi-user content.
- Disable or tightly constrain SVG support for untrusted authors unless the business case is explicit and covered by sanitizer tests.
- Re-sanitize existing stored rich-text records, or enforce on-read/on-render sanitization until a migration can safely clean older records.
- Add regression tests that preserve benign formatting but prove nested SVG, namespace-sensitive markup, scriptable URLs, event handlers, and broad custom elements are stripped or rendered inert before content reaches another user’s browser.
- If CVE-2026-47759, CVE-2026-47761, or CVE-2026-47762 is also present, combine dependency upgrade, stored-content cleanup, and render-path testing into one TinyMCE remediation PR while keeping each advisory’s fixtures distinct.
The prompt
You are remediating CVE-2026-47760 / GHSA-mh5m-5hw4-5c69, a TinyMCE stored
XSS issue in versions 6.8.x through 7.0.x caused by improper SVG namespace
handling in the sanitizer. Produce exactly one output:
- A reviewer-ready PR/change request that upgrades TinyMCE, preserves or adds
server-side rich-text sanitization, adds safe nested-SVG regression coverage,
refreshes generated artifacts, and documents stored-content cleanup, or
- TRIAGE.md if this repository does not control an affected TinyMCE runtime,
package, vendored asset, CDN pin, SVG-capable rich-text surface, or stored
content rendering path.
## Rules
- Scope only CVE-2026-47760 / GHSA-mh5m-5hw4-5c69 and directly related
TinyMCE sanitizer, SVG, stored-content, and render-path controls. If adjacent
TinyMCE CVEs are present, note the shared upgrade path without expanding into
unrelated editor changes.
- Treat stored rich text, pasted HTML, imported HTML, model output, customer
content, admin notes, email bodies, CMS pages, session cookies, auth tokens,
screenshots, exports, and rendered previews as sensitive.
- Do not create exploit pages, execute JavaScript payloads, paste test XSS into
production editors, use privileged browsers for unsafe previews, or commit
customer-authored HTML.
- Do not remove server-side sanitizers, CSP, iframe isolation, content approval,
audit logs, or rich-text tests to make the upgrade pass.
- Do not auto-merge.
## Steps
1. Inventory every TinyMCE reference controlled by this repository: npm,
Composer, NuGet, lockfiles, vendored static assets, CDN URLs, package
managers, Docker images, CMS plugins, admin bundles, mobile/webview assets,
SBOMs, generated dependency reports, docs that pin versions, and rendered
deployment artifacts.
2. Determine every resolved TinyMCE version. A target is vulnerable if it
resolves to `>=6.8.0, <7.1.0`.
3. Search for SVG-capable and rich-text render paths: `svg`, `foreignObject`,
custom elements, `valid_elements`, `extended_valid_elements`, paste/import
handlers, markdown-to-HTML transforms, WYSIWYG editors, CMS pages, comments,
tickets, product descriptions, previews, exports, emails, PDFs,
mobile/webviews, sanitizer configuration, CSP, and iframe sandboxing.
4. If the repository only contains documentation or an external vendor owns
TinyMCE, stop with `TRIAGE.md` listing checked files, runtime owner, and the
required fixed version.
5. Upgrade all controlled TinyMCE references to `7.1.0+` at minimum. Prefer a
current fixed line such as `7.9.3+` or `8.5.1+` when the product can accept
the migration.
6. Refresh lockfiles, package-manager metadata, vendored assets, CDN hashes,
image digests, rendered deployment artifacts, SBOMs, dependency reports, and
release documentation.
7. Verify or patch stored-content sanitization:
- sanitize on the server before storage or before rendering;
- block or tightly allow-list SVG for untrusted authors;
- reject or neutralize nested SVG, namespace-sensitive markup,
`foreignObject`, JavaScript URLs, event handlers, unsafe CSS, broad custom
elements, and post-sanitization reparsing;
- ensure preview, export, email, PDF, and mobile/webview renderers use the
same sanitized content boundary as normal page views.
8. Add safe regression coverage without executing payloads:
- dependency policy rejects TinyMCE `>=6.8.0, <7.1.0`;
- benign rich text and supported embeds still render;
- nested SVG and namespace-sensitive fixtures are stripped, rejected, or
rendered inert;
- sanitizer output contains no scriptable URLs, event handlers, untrusted
SVG execution paths, or unauthorized custom elements;
- logs and test snapshots do not contain customer content or session data.
9. Add a PR body section named `CVE-2026-47760 operator actions` that states:
- TinyMCE versions before and after;
- every SVG-capable authoring and rendering surface checked;
- whether server-side sanitization was already present or added;
- whether existing stored rich text must be re-sanitized, migrated, or
cleaned on read;
- whether CSP, iframe sandboxing, email/PDF renderers, or mobile/webview
clients need follow-up;
- which validation commands passed.
10. Run available validation: package install, lockfile integrity, frontend
tests, sanitizer unit tests, rich-text render tests, lint/typecheck,
browser smoke tests, container build, SBOM refresh, and dependency/security
scans.
11. Use PR title:
`fix(sec): remediate CVE-2026-47760 in TinyMCE`
## Stop conditions
- No affected TinyMCE package, vendored asset, CDN pin, SVG-capable rich-text
surface, or stored-content rendering path is controlled by this repository.
- The TinyMCE runtime or CMS plugin is owned by another team or vendor; name
the owner and required fixed versions in `TRIAGE.md`.
- Moving from an affected TinyMCE line requires a broader product migration
that cannot fit in this PR.
- Validating exposure would require publishing exploit HTML, using production
content, opening unsafe previews in a privileged browser, or exposing stored
customer data.
- Validation fails for unrelated pre-existing reasons; document those failures
instead of broadening scope.
Output contract
- A reviewer-ready PR or change request that upgrades TinyMCE, preserves or adds server-side sanitizer coverage, adds safe nested-SVG regression tests, refreshes generated artifacts, and documents stored-content cleanup.
- Or a
TRIAGE.mdfile that lists inspected packages/assets/config, owner, observed version, SVG-capable surfaces, render boundary, required fix, and residual risk. - The output must include exact validation commands and must not execute XSS payloads, publish exploit content, expose customer-authored HTML, or remove sanitizer/CSP/iframe protections.
Verification - what the reviewer looks for
- No controlled npm, Composer, NuGet, vendored asset, CDN URL, image, SBOM, or
generated report resolves TinyMCE to
>=6.8.0, <7.1.0. - Stored rich-text render paths use patched TinyMCE assets and server-side sanitization or an equivalent trusted render boundary.
- Regression tests show nested SVG and namespace-sensitive markup cannot become scriptable through the product’s actual sanitize-and-render path.
- Existing content cleanup is either completed, safely handled on render, or explicitly tracked as an operator action.
- The PR avoids exploit execution and does not expose customer-authored HTML, cookies, tokens, screenshots, exports, or admin-only content.
Related recipes
- Source code injection sink audit
- Source code secrets and data exposure audit
- OWASP Top 10 2026 audit
- SAST finding triage and fix
Watch for
- Updating npm while a CMS plugin, Composer package, NuGet package, vendored asset, CDN URL, or static bundle still serves an affected TinyMCE build.
- Treating TinyMCE client-side filtering as a replacement for server-side sanitization.
- Leaving broad SVG,
foreignObject, custom element, orextended_valid_elementsallowances for untrusted authors. - Sanitizing only edit screens while previews, public pages, email, PDF export, or mobile/webview clients render older stored HTML.
- Snapshot tests that commit real customer content or privileged rendered HTML.
References
- GitHub Advisory Database: https://github.com/advisories/GHSA-mh5m-5hw4-5c69
- TinyMCE 7.1 release notes: https://www.tiny.cloud/docs/tinymce/7/7.1-release-notes/#securityfixes
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-47760