Home / mailings [USN-8377-1] Template-Toolkit vulnerability
Posted on 03 June 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8377-1
June 03, 2026
libtemplate-perl vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
Summary:
Template-Toolkit could allow arbitrary HTML and JavaScript to be injected
into generated output.
Software Description:
- libtemplate-perl: template processing system in Perl
Details:
It was discovered that Template-Toolkit did not properly escape single
quotes in the html_filter function of Template::Plugin::HTML. An attacker
could possibly use this issue to inject arbitrary HTML and JavaScript into
generated output.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 26.04 LTS
libtemplate-perl 3.102-1ubuntu0.1
Ubuntu 25.10
libtemplate-perl 2.27-1ubuntu0.25.10.1
Ubuntu 24.04 LTS
libtemplate-perl 2.27-1ubuntu0.24.04.1
Ubuntu 22.04 LTS
libtemplate-perl 2.27-1ubuntu0.22.04.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8377-1
CVE-2026-5090
Package Information:
https://launchpad.net/ubuntu/+source/libtemplate-perl/3.102-1ubuntu0.1
https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.25.10.1
https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.24.04.1
https://launchpad.net/ubuntu/+source/libtemplate-perl/2.27-1ubuntu0.22.04.1
--===============6050736941202692744==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
