Package Affected: net.sourceforge.plantuml:plantuml CVE Identifier: CVE-2026-0858 Exploit Maturity: PROOF OF CONCEPT CVSS Base Score: 5.1 Severity: Medium CVSS Vectors: - Attack Vector (AV): Network - Attack Complexity (AC): Low - Attack Requirements (AT): None - Privileges Required (PR): None - User Interaction (UI): Active - Confidentiality (VC): None - Integrity (VI): Low - Availability (VA): None - Confidentiality (SC): Low - Integrity (SI): Low - Availability (SA): None Recommended Action: Upgrade to version 1.2026.0 or higher. Introduced Date: 23 Dec 2025 Published Date: 15 Jan 2026 Disclosed Date: 23 Dec 2025 Credit: Catalin Iovita (Snyk Security Research) References: - GitHub Commit - GitHub Release