Skip to main content

CVAT EUVDEUVD-2026-30186

| CVE-2026-44369 HIGH
Basic XSS (CWE-80)
2026-05-13 GitHub_M
8.5
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.5 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
P
Scope
X

Lifecycle Timeline

5
Source Code Evidence Fetched
Jun 08, 2026 - 09:11 vuln.today
Analysis Generated
Jun 08, 2026 - 09:11 vuln.today
Patch available
May 13, 2026 - 23:17 EUVD
CVSS changed
May 13, 2026 - 22:22 NVD
8.5 (HIGH)
CVE Published
May 13, 2026 - 21:32 nvd
UNKNOWN (no severity yet)

DescriptionGitHub Advisory

CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation guide. This code will be able to make arbitrary requests to CVAT with the victim user's privileges. This vulnerability is fixed in 2.64.0.

AnalysisAI

Stored cross-site scripting in CVAT (Computer Vision Annotation Tool) versions 2.5.0 through 2.63.0 allows an authenticated user with annotation-guide create/edit privileges to inject malicious JavaScript into a task's annotation guide, which executes in any victim's browser that opens it. Executed script runs with the victim's CVAT session privileges, enabling arbitrary API requests on their behalf. No public exploit identified at time of analysis; EPSS is low (0.05%) and SSVC reports no observed exploitation.

Technical ContextAI

CVAT is an open-source web-based image and video annotation platform widely used for building computer-vision training datasets. The flaw is classified as CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page - Basic XSS) and lives in the Markdown-based annotation guide editor and previewer in the cvat-ui React frontend. Per CPE cpe:2.3:a:cvat-ai:cvat, the cvat-ui Markdown preview component (annotation-guide-page.tsx and top-bar/right-group.tsx) rendered user-supplied Markdown without HTML sanitization, allowing raw HTML/JS in the rendered output. The vendor fix introduces the rehype-sanitize rehype plugin into the Markdown preview pipeline (previewOptions.rehypePlugins), filtering dangerous tags/attributes from the HAST tree before rendering.

RemediationAI

Vendor-released patch: upgrade CVAT to 2.64.0 or later, which adds the rehype-sanitize rehype plugin to the Markdown preview pipeline in annotation-guide-page.tsx and top-bar/right-group.tsx (fix commit ad9e90003d8234ac7602598b109dc11450321dfc, advisory https://github.com/cvat-ai/cvat/security/advisories/GHSA-m2h7-6xqm-p9v5). If immediate upgrade is not possible, restrict annotation-guide create/edit permissions to a small set of trusted users (project owners/maintainers) to remove the injection foothold - note this blocks legitimate annotator contributions to guides. As an additional compensating control, deploy a strict Content Security Policy on the CVAT frontend that forbids inline scripts and restricts script-src to the CVAT origin, which mitigates execution of injected payloads at the cost of breaking any legitimate inline-script customizations.

Share

EUVD-2026-30186 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy