Skip to main content

Deerflow CVE-2026-32859

| EUVDEUVD-2026-16608 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-03-27 VulnCheck GHSA-36m7-49vh-x3qh
5.1
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (VulnCheck) · only source for this CVE.

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

4
EUVD ID Assigned
Mar 27, 2026 - 14:00 euvd
EUVD-2026-16608
Analysis Generated
Mar 27, 2026 - 14:00 vuln.today
Patch released
Mar 27, 2026 - 14:00 nvd
Patch available
CVE Published
Mar 27, 2026 - 13:41 nvd
MEDIUM 5.1

DescriptionCVE.org

ByteDance Deer-Flow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the browser context when users view artifacts, leading to session compromise, credential theft, and arbitrary script execution.

AnalysisAI

ByteDance Deer-Flow artifacts API fails to sanitize user-supplied HTML and script content before storage and rendering, enabling stored cross-site scripting (XSS) attacks that execute arbitrary scripts in the browser context of users viewing artifacts. All versions prior to commit 5dbb362 are affected; attackers can compromise sessions, steal credentials, and execute arbitrary JavaScript without authentication. A patch is available from the vendor via GitHub commit 5dbb3623b2f0e490c8bb3cd81b1e3b1b12eae1a6, and no public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

Deer-Flow is ByteDance's artifact management and workflow orchestration platform (CPE: cpe:2.3:a:bytedance_inc.:deerflow:*:*:*:*:*:*:*:*). The vulnerability stems from improper input validation and output encoding in the artifacts API endpoint responsible for storing and rendering artifact content. The root cause is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a class of vulnerability where untrusted data is inserted into HTML/JavaScript context without encoding or sanitization. When users upload HTML, SVG, or JavaScript payloads as artifact content, the API stores them verbatim and renders them inline in the browser without Content Security Policy (CSP) enforcement or HTML entity encoding. This allows injected scripts to execute with the privilege level of the authenticated user viewing the artifact.

RemediationAI

Upgrade ByteDance Deer-Flow to a version incorporating patch commit 5dbb3623b2f0e490c8bb3cd81b1e3b1b12eae1a6 or later (verify via git log or version tag at https://github.com/bytedance/deer-flow/pull/1389). If immediate patching is not feasible, implement compensating controls: enforce a strict Content Security Policy (CSP) header prohibiting inline script execution and restricting script sources to allowlisted origins, disable or restrict artifact upload functionality for untrusted users via role-based access controls, and monitor artifact API requests for suspicious HTML/JavaScript payloads using Web Application Firewall (WAF) rules. Additionally, audit all previously uploaded artifacts for malicious content and consider clearing untrusted artifact stores until patching is complete.

Share

CVE-2026-32859 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy