Skip to main content

Python CVE-2026-33140

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-03-18 https://github.com/ParzivalHack/PySpector GHSA-2gmv-2r3v-jxj2
6.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 18, 2026 - 16:45 vuln.today
CVE Published
Mar 18, 2026 - 16:33 nvd
MEDIUM 6.1

DescriptionGitHub Advisory

Summary

PySpector versions <= 0.1.6 are affected by a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator. When PySpector scans a Python file containing JavaScript payloads (i.e. inside a string passed to eval() ), the flagged code snippet is interpolated into the HTML report without sanitization. Opening the generated report in a browser causes the embedded JavaScript to execute in the browser's local file context.

Impact

An attacker can craft a malicious Python file (for example, hosted in a public repository), designed to be scanned by PySpector. When a victim scans this file and opens the resulting HTML report, arbitrary JavaScript executes in their browser. While the file:// context limits the attacker's ability to exfiltrate cookies or make credentialed requests, the following is still achievable:

  • Arbitrary DOM manipulation
  • Redirects to attacker-controlled pages
  • Theft of locally accessible data via fetch() or XMLHttpRequest to file:// paths (browser-dependent)

Any user of PySpector who scans untrusted code and generates HTML reports, is potentially affected.

PoC

The following steps reproduce the vulnerability on PySpector <= 0.1.6:

  1. Create a malicious Python file containing a JavaScript payload embedded in a string argument to eval(), and run PySpector against the file, generating an HTML report:

<img width="871" height="752" alt="image" src="https://github.com/user-attachments/assets/1b0a57f2-3632-4347-a9b7-6a94dc2e82b2" />

  1. Open the generated HTML report in any browser:

<img width="1920" height="920" alt="image" src="https://github.com/user-attachments/assets/a4075c4a-6153-41b4-ad77-81d009d7a9f8" />

AnalysisAI

PySpector versions 0.1.6 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability in the HTML report generator that fails to sanitize JavaScript payloads embedded within scanned Python code. When a victim scans a malicious Python file crafted by an attacker and opens the resulting HTML report in a browser, the embedded JavaScript executes in the local file context, potentially enabling DOM manipulation, page redirects, and theft of locally accessible data. A proof-of-concept demonstrating the vulnerability has been publicly disclosed.

Technical ContextAI

PySpector is a Python code analysis tool that generates HTML reports from static analysis results. The vulnerability exists in the HTML report generation component where code snippets flagged during scanning are interpolated directly into the HTML output without proper encoding or sanitization. The affected product is identified by CPE pkg:pip/pyspector. The root cause is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a classic reflected and stored XSS weakness. When PySpector processes a Python file containing JavaScript code within string literals (particularly within eval() arguments), the flagged snippet is embedded into the HTML report. Modern browsers parse and execute this JavaScript when the report is opened, even in the file:// context, because the HTML lacks proper output encoding mechanisms such as HTML entity encoding or Content Security Policy headers.

RemediationAI

Upgrade PySpector to a version later than 0.1.6 as soon as a patched release becomes available; verify the patch at the vendor advisory https://github.com/ParzivalHack/PySpector/security/advisories/GHSA-2gmv-2r3v-jxj2. As an interim mitigation, avoid scanning untrusted or adversarially-crafted Python files with PySpector, restrict the generation of HTML reports to trusted code only, and consider opening generated reports only in restricted browser contexts or sandboxed environments. For organizations using PySpector in automated CI/CD pipelines, disable HTML report generation or implement manual review gates for reports generated from third-party or public repositories until patching is complete.

More in Python

View all
CVE-2025-24016 CRITICAL POC
9.9 Feb 10

Wazuh SIEM platform versions 4.4.0 through 4.9.0 contain an unsafe deserialization vulnerability in the DistributedAPI t

CVE-2025-27520 CRITICAL POC
9.8 Apr 04

BentoML version 1.4.2 and earlier contains an unauthenticated remote code execution vulnerability through insecure deser

CVE-2025-2945 CRITICAL POC
9.9 Apr 03

pgAdmin 4 contains critical remote code execution vulnerabilities in the Query Tool download and Cloud Deployment endpoi

CVE-2013-5093 MEDIUM POC
6.8 Sep 27

The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python

CVE-2025-32375 CRITICAL POC
9.8 Apr 09

BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Rated critica

CVE-2014-0224 HIGH POC
7.4 Jun 05

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCiph

CVE-2024-21644 HIGH POC
7.5 Jan 08

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint.

CVE-2017-9462 HIGH POC
8.8 Jun 06

In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and conse

CVE-2026-39987 CRITICAL POC
9.3 Apr 08

Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/

CVE-2024-21645 MEDIUM POC
5.3 Jan 08

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulne

CVE-2026-33017 CRITICAL POC
9.3 Mar 17

Langflow (a visual LLM pipeline builder) contains a critical unauthenticated code execution vulnerability (CVE-2026-3301

CVE-2026-55255 HIGH POC
8.4 Jun 19

Cross-user flow execution in Langflow (< 1.9.1) lets any authenticated API-key holder run another user's flow by passing

Share

CVE-2026-33140 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy