OffSequenceimmich-app suffers CRITICAL reflected XSS (CVE-2026-53662) in /auth/login (commits 4ffa26c9 – 4eb1003). Exploitation = persistent account takeover via API key minting. Update to commit 4eb1003 or later. https://radar.offseq.com/threat/cve-2026-53662-cwe-79-improper-neutralization-of-i-088d09407e2bf58b #OffSeq #CVE202653662 #XSS #infosec
