AI / ML CVE-2026-25802
HIGHSeverity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
Lifecycle Timeline
4DescriptionGitHub Advisory
New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site Scripting(XSS) when the model outputs items containing <script> tag. Version 0.10.8-alpha.9 fixes the issue.
AnalysisAI
New API LLM gateway versions before 0.10.8-alpha.9 are vulnerable to stored cross-site scripting through the MarkdownRenderer component, which fails to sanitize script tags in model outputs. An authenticated attacker with user interaction can inject malicious scripts that execute in other users' browsers, potentially compromising session data or performing unauthorized actions. Public exploit code exists for this vulnerability, though a patch is available.
Technical ContextAI
Classified as CWE-79 (Cross-site Scripting (XSS)). Affects New Api. New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site Scripting(XSS) when the model outputs items containing <script> tag. Version 0.10.8-alpha.9 fixes the issue.
RemediationAI
A vendor patch is available — apply it immediately. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.
MCPJam Inspector versions 1.4.2 and earlier allow unauthenticated remote code execution through missing authentication i
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. Rated high severity (CVSS 7.5), this vulnerabilit
Code injection in Langflow CSV Agent node before 1.8.0. The node hardcodes allow_dangerous_code=True, enabling arbitrary
Langflow has a third RCE vulnerability via exec_globals (EPSS 10.0%) allowing inclusion of untrusted code that executes
Sandbox escape in Enclave JavaScript sandbox before 2.11.1. Enclave is designed for safe AI agent code execution — the e
enclave-vm JavaScript sandbox (before 2.7.0) has a critical sandbox escape. When a tool invocation fails, a host-side Er
A remote code execution vulnerability in langchain-ai/langchain (CVSS 10.0). Risk factors: public PoC available. Vendor
n8n has a fifth critical RCE vulnerability (CVSS 9.9) in the Expression evaluator, enabling code execution through craft
Path traversal vulnerability in RAGFlow RAG engine version 0.23.1 allows unauthenticated attackers to read arbitrary fil
WeKnora LLM framework (before 0.2.5) allows authenticated users to inject MCP stdio commands that the server executes as
OS command injection in WeKnora from version 0.2.5 allows authenticated users to execute arbitrary system commands. CVSS
Shell command injection in Nuclio serverless framework before 1.15.20. PoC and patch available.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allVendor StatusVendor
SUSE
Severity: High| Product | Status |
|---|---|
| openSUSE Leap 15.6 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP5 | Fixed |
| SUSE Linux Enterprise Module for Package Hub 15 SP6 | Fixed |
| openSUSE Leap 15.5 | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
GHSA-299v-8pq9-5gjq