Skip to main content

AI / ML CVE-2026-25802

HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-02-24 security-advisories@github.com GHSA-299v-8pq9-5gjq
7.6
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.6 HIGH
AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
High
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
PoC Detected
Feb 25, 2026 - 20:17 vuln.today
Public exploit code
Patch released
Feb 25, 2026 - 20:17 nvd
Patch available
CVE Published
Feb 24, 2026 - 01:16 nvd
HIGH 7.6

DescriptionGitHub Advisory

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site Scripting(XSS) when the model outputs items containing <script> tag. Version 0.10.8-alpha.9 fixes the issue.

AnalysisAI

New API LLM gateway versions before 0.10.8-alpha.9 are vulnerable to stored cross-site scripting through the MarkdownRenderer component, which fails to sanitize script tags in model outputs. An authenticated attacker with user interaction can inject malicious scripts that execute in other users' browsers, potentially compromising session data or performing unauthorized actions. Public exploit code exists for this vulnerability, though a patch is available.

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). Affects New Api. New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site Scripting(XSS) when the model outputs items containing <script> tag. Version 0.10.8-alpha.9 fixes the issue.

RemediationAI

A vendor patch is available — apply it immediately. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

CVE-2026-23744 CRITICAL POC
9.8 Jan 16

MCPJam Inspector versions 1.4.2 and earlier allow unauthenticated remote code execution through missing authentication i

CVE-2024-8859 HIGH POC
7.5 Mar 20

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2026-27966 CRITICAL POC
9.8 Feb 26

Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary

CVE-2026-0770 CRITICAL POC
9.8 Jan 23

Langflow has a third RCE vulnerability via exec_globals (EPSS 10.0%) allowing inclusion of untrusted code that executes

CVE-2026-27597 CRITICAL POC
10.0 Feb 25

Sandbox escape in Enclave JavaScript sandbox before 2.11.1. Enclave is designed for safe AI agent code execution — the e

CVE-2026-22686 CRITICAL POC
10.0 Jan 14

enclave-vm JavaScript sandbox (before 2.7.0) has a critical sandbox escape. When a tool invocation fails, a host-side Er

CVE-2025-2828 CRITICAL POC
10.0 Jun 23

A remote code execution vulnerability in langchain-ai/langchain (CVSS 10.0). Risk factors: public PoC available. Vendor

CVE-2026-1470 CRITICAL POC
9.9 Jan 27

n8n has a fifth critical RCE vulnerability (CVSS 9.9) in the Expression evaluator, enabling code execution through craft

CVE-2026-24770 CRITICAL POC
9.8 Jan 27

Path traversal vulnerability in RAGFlow RAG engine version 0.23.1 allows unauthenticated attackers to read arbitrary fil

CVE-2026-22688 CRITICAL POC
9.9 Jan 10

WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as

CVE-2026-30861 CRITICAL POC
9.9 Mar 07

OS command injection in WeKnora from version 0.2.5 allows authenticated users to execute arbitrary system commands. CVSS

CVE-2026-29042 CRITICAL POC
9.8 Mar 06

Shell command injection in Nuclio serverless framework before 1.15.20. PoC and patch available.

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Leap 15.6 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP5 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP6 Fixed
openSUSE Leap 15.5 Fixed

Share

CVE-2026-25802 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy