Live Latest activity →

Ory Polis Vulnerabilities

1 advisories affecting Ory Polis

1

Total CVEs

0

Critical

1

High

CVE-2026-33506

Mar 26, 2026

High (8.8)

Ory Polis, formerly known as BoxyHQ Jackson, bridges or proxies a SAML login flow to OAuth 2.0 or OpenID Connect. Versions prior to 26.2.0 contain a DOM-based Cross-Site Scripting (XSS) vulnerability ...

Read Advisory

Never Miss a Critical Alert

CVE advisories, breach reports, and threat intel — delivered daily to your inbox.