Skip to main content

Kimi AI CVE-2026-39107

| EUVDEUVD-2026-34156 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-03 mitre GHSA-22c2-92rp-fgpf
6.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
Analysis Generated
Jun 03, 2026 - 20:37 vuln.today
CVSS changed
Jun 03, 2026 - 19:22 NVD
6.3 (MEDIUM)
CVE Published
Jun 03, 2026 - 00:00 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is rendered directly into the DOM, leading to arbitrary JavaScript execution in the victim's browser session.

AnalysisAI

Cross-site scripting in Kimi AI v1.0's web interface 'Preview' feature allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by inducing them to view AI-generated content containing unsanitized HTML or JavaScript payloads. The root cause is the application's failure to sanitize or encode output from the AI model before rendering it into the DOM when a user activates the Preview tab. A publicly available proof-of-concept exploit exists at a GitHub repository linked to the CVE; no confirmed active exploitation (CISA KEV) has been identified at time of analysis.

Technical ContextAI

CWE-79 (Improper Neutralization of Input During Web Page Generation) describes a class of vulnerabilities where attacker-controlled or untrusted content is injected into a web page and interpreted as executable code by the browser rather than inert data. In this instance, the Kimi AI v1.0 web application presents a 'Preview' tab that renders AI-generated code output directly into the DOM without applying context-aware output encoding or a Content Security Policy that would block inline script execution. The attack surface is the AI model's response pipeline: content generated by the model is treated as trusted and passed to the DOM renderer without a sanitization step. The CPE data provided (cpe:2.3:a:n/a:n/a) is unpopulated, meaning no authoritative product identifier has been registered with NVD, which limits automated tracking. The affected software is identified only by the CVE description as 'Kimi AI v1.0.'

RemediationAI

No vendor-released patch has been identified at time of analysis; no official advisory URL from the Kimi AI vendor was present in the reference set. The primary remediation is to apply output encoding to all AI-generated content before rendering it into the DOM, specifically HTML-encoding and JavaScript-encoding content destined for innerHTML or equivalent DOM sink APIs. As a compensating control, deploying a strict Content Security Policy (CSP) header with 'script-src self' and disabling 'unsafe-inline' would prevent injected inline scripts from executing, though this may break legitimate application functionality that relies on inline scripts and would require testing. Alternatively, disabling or restricting access to the Preview feature until a fix is issued eliminates the attack surface entirely at the cost of that feature's availability. Organizations running Kimi AI v1.0 should monitor the vendor's official channels and the proof-of-concept repository at https://github.com/MGTx2/CVE-2026-39107 for patch releases. The NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-39107 should be monitored for advisory updates.

Share

CVE-2026-39107 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy