Skip to main content

Fides CVE-2026-44541

| EUVDEUVD-2026-35201 HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-05-14 https://github.com/ethyca/fides GHSA-5qrq-9645-g5g2
7.0
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.0 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

4
CVSS changed
Jun 08, 2026 - 21:22 NVD
7.0 (HIGH)
Source Code Evidence Fetched
May 14, 2026 - 19:46 vuln.today
Analysis Generated
May 14, 2026 - 19:46 vuln.today
CVE Published
May 14, 2026 - 19:04 nvd
HIGH

DescriptionGitHub Advisory

Summary

fides.js is the script that renders Fides's consent banner on customer websites. It lets the embedding page override the banner's description text at runtime via a URL query parameter, a JavaScript global, or a cookie. On sites that have opted into HTML-formatted descriptions, the overridden value is rendered as live HTML without passing through the server-side sanitiser the rendering path was designed to trust.

The result is a DOM-based XSS that any visitor can trigger with a crafted link, no authentication required. The cookie source lets the payload persist, so a single click can plant a payload that fires on every subsequent banner render across all subdomains until cookies are cleared.

Am I affected?

This vulnerability affects Fides Enterprise deployments that use fides.js for consent management, a.k.a. "Janus", and have HTML-formatted banner descriptions enabled (the FIDES_PRIVACY_CENTER__ALLOW_HTML_DESCRIPTION Privacy Center container env var set to true ). Deployments that do not load fides.js, or that leave HTML descriptions off (the default), are not affected. The vulnerable code lives in the open-source ethyca-fides PyPI package, which is why this is published as a GHSA and CVE against Fides OSS, but only Fides Enterprise consent management platform deployments exercise the affected path.

To self-test, visit any page where your site loads the consent banner, replacing <your-site>:

https://<your-site>/?fides_override_language=en&fides_description=<img src=x onerror="alert(`DOM XSS in fides_description. Origin: ${document.domain}`)">

If a browser alert() appears showing the embedding origin when the banner renders, the deployment is affected. If the banner does not auto-open, click the manage privacy preferences link to display it.

<img width="1392" height="1031" alt="dom-xss-localhost" src="https://github.com/user-attachments/assets/548bcf44-e4ab-4070-ab31-89c6cff79be1" />

If no alert appears, the deployment is not affected via this path.

The fides_override_language=en parameter is required because experience-translation overrides only apply when the override language matches the active locale. Adjust to match the active locale on the target site if en is not it.

Details

The vulnerability is a trust gap between two features that are safe in isolation but unsafe together.

The first feature is the override mechanism. fides.js lets the embedding page replace certain banner fields at runtime by reading them from the URL, a JavaScript global, or a cookie on the page origin. The description text is one of the overrideable fields.

The second feature is HTML-formatted descriptions. When the allowHTMLDescription server-controlled flag is on, the rendering path writes the description into the DOM as live HTML rather than plain text. This mode relies on a server-side sanitiser (nh3) to clean any HTML before it reaches the client, so the rendering sink can trust its input.

Combining the two breaks the assumption. The override mechanism feeds the description directly from a client-controlled source, never reaching the server, so the sanitiser the rendering path was designed to trust never runs. On a deployment that has both features active, an attacker-supplied value travels straight from URL or cookie to the HTML sink and executes as script.

The cookie source compounds the impact. Cookies set by JavaScript on the apex domain are visible to every subdomain on subsequent loads, so a payload delivered via URL can write a fides_description cookie that fires on every later banner render across the entire site, until the cookie is cleared.

Impact

A successful exploit gives the attacker arbitrary JavaScript execution in the embedding site's origin, with the same authority as the site's own scripts. The payload can read and modify any data the page can access, issue requests on behalf of the visitor, and render content that appears to come from the site itself. The actual consequences on a given deployment depend on what the embedding origin holds and what other defences (CSP, cookie flags, origin isolation) are in place.

The cookie-based persistence variant raises the impact ceiling, since a single click can convert into a payload that fires on every subsequent banner render across the apex and all subdomains until the visitor clears their cookies.

Patches

This vulnerability has been patched in Fides OSS version 2.84.5, specifically ethyca/fides-privacy-center:2.84.5 Users are advised to upgrade to this version or later to secure their systems against these threats.

Fides Enterprise (fidesplus) version 2.84.6 contains the same patch.

Workarounds

Set FIDES_PRIVACY_CENTER__ALLOW_HTML_DESCRIPTION=false on the Privacy Center container(s) and redeploy. The XSS sink relies on the flag being on, so turning it off makes fides.js strip HTML from the description before rendering, regardless of which source the value came from.

Severity

This vulnerability has been assigned a severity of HIGH with a CVSS v4 vector of CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N (7.0, High).

The score reflects the worst realistic exploitation path: an attacker who can plant a fides_description cookie on the target origin gets persistent script execution that fires on every visitor's banner render, with no further interaction required. Cookie-write capability is not always available to a remote attacker, and the score accounts for that as a precondition, but when it is available the impact is script execution in the embedding site's origin every time the banner or modal renders.

The more common delivery path (a crafted link the victim clicks) scores 6.3, Medium, with a vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N. Per the FIRST CVSS 4.0 User Guide, library-level vulnerabilities should be scored against the "reasonable worst-case scenario", since the analyst cannot anticipate every deployment context. We publish the higher score on that basis.

The published score is the base severity of the vulnerability itself. Real-world impact on a given deployment can be higher or lower depending on the embedding site's own defences. Sites with HttpOnly session cookies, strict Content-Security-Policy, and authentication flows isolated from the consent experience origin reduce the surface a payload can reach. Sites with permissive CSP, JavaScript-readable session tokens, or same-origin OIDC/social-login flows expose more. Operators should assess the score against their own environment.

AnalysisAI

DOM-based cross-site scripting in Fides consent banner (fides.js) allows remote unauthenticated attackers to execute arbitrary JavaScript in the embedding site's origin via crafted URL parameters, JavaScript globals, or cookies. The vulnerability affects Fides Enterprise deployments using the consent management platform with HTML-formatted banner descriptions enabled (FIDES_PRIVACY_CENTER__ALLOW_HTML_DESCRIPTION=true), though only when the non-default HTML description feature is active. Cookie-based payload delivery enables persistent XSS across all subdomains until cookies are cleared. Vendor-released patch available in ethyca-fides 2.84.5 (OSS) and fidesplus 2.84.6 (Enterprise). No public exploit identified at time of analysis beyond the vendor's proof-of-concept test snippet.

Technical ContextAI

Fides is a privacy-as-code platform providing consent management capabilities via its fides.js client-side library. The vulnerability arises from an architectural trust gap between two features. First, fides.js implements a runtime override mechanism that allows embedding pages to replace banner text fields (title, description, privacy policy URL) by reading values from URL query parameters (fides_description), JavaScript globals (window.fides_overrides), or cookies set on the page origin. Second, when the FIDES_PRIVACY_CENTER__ALLOW_HTML_DESCRIPTION server flag is enabled, the rendering path uses dangerouslySetInnerHTML (or equivalent unsafe DOM sink) to write description content as live HTML rather than text, relying on server-side nh3 sanitization to cleanse HTML before it reaches the client. Combining these features breaks the security model: client-controlled override sources bypass the server entirely, delivering unsanitized attacker payloads directly to the HTML rendering sink. The affected CPE is pkg:pip/ethyca-fides versions 2.33.0 through 2.84.4. CWE-79 (Improper Neutralization of Input During Web Page Generation) is the root vulnerability class. The patch commit (67e43b10b1096c7f84d5c0eeba08ee3b7846b7cd) removes the experience translation override mechanism entirely, eliminating all client-side override paths for title, description, and privacy_policy_url fields.

RemediationAI

Upgrade to ethyca-fides version 2.84.5 or later (OSS deployments) or fidesplus version 2.84.6 or later (Enterprise deployments). The patch commit 67e43b10b1096c7f84d5c0eeba08ee3b7846b7cd removes the client-side experience translation override mechanism entirely, eliminating all URL parameter, JavaScript global, and cookie-based override paths for banner text fields. Installation instructions and release artifacts are available at https://github.com/ethyca/fides/releases/tag/2.84.5. If immediate patching is not feasible, disable HTML-formatted descriptions by setting FIDES_PRIVACY_CENTER__ALLOW_HTML_DESCRIPTION=false in the Privacy Center container environment and redeploying; this configuration change forces fides.js to strip HTML from all description sources regardless of origin, converting the unsafe innerHTML sink to safe textContent rendering. The workaround carries no functional side effects beyond loss of HTML formatting in banner descriptions (rich text, links, emphasis). Organizations using custom HTML-formatted consent text will need to revert to plain text descriptions until patched. No network-level or CSP-based mitigations are effective because the payload executes within the legitimate fides.js script context on the embedding origin. Verify remediation using the vendor's provided test URL: https://<your-site>/?fides_override_language=en&fides_description=<img src=x onerror="alert('XSS')"> - a successful fix produces no alert and renders the payload as escaped text.

Share

CVE-2026-44541 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy