CVE-2026-44369 – CVAT: Stored XSS via annotation guides

CVE ID :CVE-2026-44369

Published : May 13, 2026, 9:32 p.m. | 25 minutes ago

Description :CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation guide. This code will be able to make arbitrary requests to CVAT with the victim user’s privileges. This vulnerability is fixed in 2.64.0.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-44471 – gitoxide: Symlink prefix-reuse allows worktree escape during checkout

CVE-2026-44439 – LookyLoo – PlaywrightCapture permits access to local files and internal network resources during page capture

CVE-2026-42463 – SQLBot: Unauthorized Access Vulnerability

CVE-2026-44437 – Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix