Prometheus v3.5.5 Security Patch Addresses UI Vulnerability
securityinfrasecurity-advisoryengineer
patch security
Prometheus v3.5.5 includes a security fix for a UI dependency, upgrading `sanitize-html` to v2.17.5 to resolve CVE-2026-53606. This patch is crucial for maintaining the security posture of Prometheus deployments. The update is available as a patch release and requires no specific prerequisites beyond applying the new version.
- →UI Dependency Vulnerability Patched
- →Built with Go 1.25.12
Security (1) ›
- UI Dependency Vulnerability Patched
The Prometheus UI dependency `sanitize-html` has been updated to v2.17.5, addressing CVE-2026-53606. This is a security-focused patch to protect against potential UI-related exploits.
Notes (1) ›
- Built with Go 1.25.12
This release incorporates the latest Go toolchain, version 1.25.12.
Read the original announcement →
https://github.com/prometheus/prometheus/releases/tag/v3.5.5
Related releases
- Prometheus 3.5 reaches end of life in 16 days endoflife.date ·
- Prometheus 3.13.0: LTS release with security fixes and new features Prometheus Releases ·
- Prometheus v3.5.4 Security Fixes and GHCR Image Publishing Prometheus Releases ·
- Prometheus v3.13.1 fixes TSDB head-chunk cache bug Prometheus Releases ·