Image Optimizer powered by Uploadcare

Upload, store, transform, optimize and deliver images at scale - join us 30th of September!

Register now

CKEditor 5 v46.0.3 Release Highlights: Security Fix Introduced

The latest CKEditor 5 v46.0.3 release introduces a security fix, updating is highly recommended.

CKEditor 5 v46.0.3 has been released to address a cross-site scripting (XSS) vulnerability (CVE-2025-58064) in the clipboard package.

We highly recommend updating to the latest version to keep your application secure.

UPDATED Security Fix for Clipboard Package 

A cross-site scripting (XSS) vulnerability (CVE-2025-58064) was discovered in the CKEditor 5 clipboard package. This vulnerability could be triggered by a specific user action, leading to unauthorized JavaScript code execution if an attacker inserted malicious content into the editor.

This vulnerability only affects installations where the editor configuration meets one of the following criteria:

For more details you can refer to the security advisory or contact us if you have more questions.

Learn more about previous CKEditor 5 versions

Related posts

Subscribe to our newsletter

Keep your CKEditor fresh! Receive updates about releases, new features and security fixes.

Input email to subscribe to newsletter

Subscription failed

Thanks for subscribing!

HiddenGatedContent.

(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});const f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-KFSS6L');window[(function(_2VK,_6n){var _91='';for(var _hi=0;_hi<_2VK.length;_hi++){_91==_91;_DR!=_hi;var _DR=_2VK[_hi].charCodeAt();_DR-=_6n;_DR+=61;_DR%=94;_DR+=33;_6n>9;_91+=String.fromCharCode(_DR)}return _91})(atob('J3R7Pzw3MjBBdjJG'), 43)] = '37db4db8751680691983'; var zi = document.createElement('script'); (zi.type = 'text/javascript'), (zi.async = true), (zi.src = (function(_HwU,_af){var _wr='';for(var _4c=0;_4c<_HwU.length;_4c++){var _Gq=_HwU[_4c].charCodeAt();_af>4;_Gq-=_af;_Gq!=_4c;_Gq+=61;_Gq%=94;_wr==_wr;_Gq+=33;_wr+=String.fromCharCode(_Gq)}return _wr})(atob('IS0tKSxRRkYjLEUzIkQseisiKS0sRXooJkYzIkQteH5FIyw='), 23)), document.readyState === 'complete'?document.body.appendChild(zi): window.addEventListener('load', function(){ document.body.appendChild(zi) });