CVE-2026-1721 – Reflected Cross-Site Scripting (XSS) vulnerability in AI Playground site

CVE ID : CVE-2026-1721

Published : Feb. 13, 2026, 3:15 a.m. | 1 hour, 12 minutes ago

Description : Summary

A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground’s OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary JavaScript in the context of the victim’s session.

Root cause

The OAuth callback handler in `site/ai-playground/src/server.ts` directly interpolated the `authError` value, sourced from the `error_description` query parameter, into an inline ` 

نوشته های مشابه

CVE-2026-25108 – FileZen OS Command Injection Vulnerability

CVE-2025-9293 – Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception

CVE-2025-9292 – Permissive Web Security Policy Allows Cross-Origin Access Control Bypass on Omada Cloud Controllers

CVE-2024-21961 – Intel PCIe Link Buffer Overflow Vulnerability