CVE-2026-27627
HIGHCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Lifecycle Timeline
4Description
Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns `readableContentHtml`, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify, but the Reddit path skips both. Since this content ends up in `dangerouslySetInnerHTML` in the reader view, any malicious HTML in the Reddit response gets executed in the user's browser. Version 0.31.0 contains a patch for this issue.
Analysis
Stored cross-site scripting in Karakeep 0.30.0 allows remote attackers to execute arbitrary JavaScript in users' browsers by injecting malicious HTML through the Reddit metascraper plugin, which bypasses sanitization that is applied to other content sources. The vulnerability exists because the Reddit plugin's HTML output is rendered directly via dangerouslySetInnerHTML without DOMPurify filtering, and public exploit code is available. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all instances of Karakeep 0.30.0 in your environment and assess whether the Reddit metascraper plugin is enabled. Within 7 days: Apply the available patch to all affected Karakeep installations or disable the Reddit metascraper plugin if patching is not immediately feasible. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today