Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Lifecycle Timeline
3DescriptionCVE.org
A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is rendered directly into the DOM, leading to arbitrary JavaScript execution in the victim's browser session.
AnalysisAI
Cross-site scripting in Kimi AI v1.0's web interface 'Preview' feature allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser by inducing them to view AI-generated content containing unsanitized HTML or JavaScript payloads. The root cause is the application's failure to sanitize or encode output from the AI model before rendering it into the DOM when a user activates the Preview tab. A publicly available proof-of-concept exploit exists at a GitHub repository linked to the CVE; no confirmed active exploitation (CISA KEV) has been identified at time of analysis.
Technical ContextAI
CWE-79 (Improper Neutralization of Input During Web Page Generation) describes a class of vulnerabilities where attacker-controlled or untrusted content is injected into a web page and interpreted as executable code by the browser rather than inert data. In this instance, the Kimi AI v1.0 web application presents a 'Preview' tab that renders AI-generated code output directly into the DOM without applying context-aware output encoding or a Content Security Policy that would block inline script execution. The attack surface is the AI model's response pipeline: content generated by the model is treated as trusted and passed to the DOM renderer without a sanitization step. The CPE data provided (cpe:2.3:a:n/a:n/a) is unpopulated, meaning no authoritative product identifier has been registered with NVD, which limits automated tracking. The affected software is identified only by the CVE description as 'Kimi AI v1.0.'
RemediationAI
No vendor-released patch has been identified at time of analysis; no official advisory URL from the Kimi AI vendor was present in the reference set. The primary remediation is to apply output encoding to all AI-generated content before rendering it into the DOM, specifically HTML-encoding and JavaScript-encoding content destined for innerHTML or equivalent DOM sink APIs. As a compensating control, deploying a strict Content Security Policy (CSP) header with 'script-src self' and disabling 'unsafe-inline' would prevent injected inline scripts from executing, though this may break legitimate application functionality that relies on inline scripts and would require testing. Alternatively, disabling or restricting access to the Preview feature until a fix is issued eliminates the attack surface entirely at the cost of that feature's availability. Organizations running Kimi AI v1.0 should monitor the vendor's official channels and the proof-of-concept repository at https://github.com/MGTx2/CVE-2026-39107 for patch releases. The NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2026-39107 should be monitored for advisory updates.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34156
GHSA-22c2-92rp-fgpf