CVE-2026-22028 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-22028 PUBLISHED CVSS 7.199999809265137 HIGH

Preact has JSON VNode Injection issue

EPSS 0.06% · 18.7th percentile

Risk Scores

CVSS v4.0

7.199999809265137

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

EPSS Score

0.06%

18.7th percentile

Affected Products

Vendor	Product	Versions
npm	preact	10.27.0, 10.28.0, 10.26.5
preactjs	preact	10.26.5, >= 10.26.5, < 10.26.10, 10.28.0

Timeline

Jan 7, 2026 CVE Published
Jan 8, 2026 CVE Updated
Jan 8, 2026 PoC Published
Jan 9, 2026 EPSS Score
Jan 12, 2026 EPSS Score
Jan 14, 2026 EPSS Score
Jan 15, 2026 PoC Published
Jan 17, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 22, 2026 EPSS Score
Jan 24, 2026 PoC Published
Jan 25, 2026 EPSS Score

References

Open in Interactive Console →