The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2025-49126

CVE-2025-49126: Visionatrix XSS Vulnerability

CVE-2025-49126 is a reflected XSS flaw in Visionatrix that enables full application takeover and secret exfiltration. This article covers the technical details, affected versions 1.5.0-2.5.0, and mitigation.

Published: April 29, 2026

CVE-2025-49126 Overview

CVE-2025-49126 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting Visionatrix, an AI Media processing tool built on ComfyUI. The vulnerability exists in the /docs/flows endpoint, which improperly handles user-controlled input when generating Swagger documentation pages. This flaw allows attackers to execute arbitrary JavaScript in the context of a victim's browser session, potentially leading to complete application takeover and exfiltration of sensitive secrets stored within the application.

Critical Impact

This one-click attack enables full session hijacking and extraction of secrets stored in the Visionatrix application, affecting all users who click malicious links.

Affected Products

  • Visionatrix versions 1.5.0 to 2.5.0 (before 2.5.1)
  • Applications using FastAPI's get_swagger_ui_html function with unsanitized user input
  • ComfyUI-based deployments utilizing vulnerable Visionatrix versions

Discovery Timeline

  • 2025-06-23 - CVE-2025-49126 published to NVD
  • 2025-06-23 - Security patch released in version 2.5.1
  • 2026-04-15 - Last updated in NVD database

Technical Details for CVE-2025-49126

Vulnerability Analysis

The vulnerability stems from improper input sanitization in the /docs/flows endpoint implementation. Visionatrix uses FastAPI's get_swagger_ui_html function to generate documentation pages. However, this function does not encode or sanitize its arguments before incorporating them into the generated HTML output. When user-controlled input is passed to this function, it creates an opportunity for attackers to inject malicious JavaScript code that executes in the victim's browser.

The attack requires minimal user interaction—simply clicking a crafted malicious link—making it highly effective for targeted attacks against Visionatrix users. Once exploited, attackers gain access to the victim's session context, enabling them to perform any action the user could perform and exfiltrate sensitive data including API keys, credentials, and processing secrets stored within the application.

Root Cause

The root cause is CWE-79 (Improper Neutralization of Input During Web Page Generation). The get_swagger_ui_html function from FastAPI was designed for use with trusted, developer-controlled parameters and does not perform input sanitization. By passing user-controlled values to this function without proper encoding, the application allows arbitrary HTML and JavaScript injection into the generated documentation page.

Attack Vector

The attack exploits the network-accessible /docs/flows endpoint by crafting a malicious URL containing JavaScript payloads in parameters that are reflected into the Swagger UI HTML output. When a victim clicks the malicious link, the injected script executes in their browser within the application's security context. This grants the attacker access to:

  • Session cookies and authentication tokens
  • Stored secrets and API credentials
  • Full control over the user's Visionatrix session
  • Ability to perform actions on behalf of the user

The fix implements proper URL encoding using Python's urllib.parse.urlencode to sanitize input before rendering:

python
import shutil
from contextlib import asynccontextmanager
from pathlib import Path
+from urllib.parse import urlencode

import httpx
import uvicorn

Source: GitHub Commit

Detection Methods for CVE-2025-49126

Indicators of Compromise

  • Unusual HTTP requests to /docs/flows endpoint containing URL-encoded JavaScript or HTML tags
  • Server logs showing requests with <script>, javascript:, or event handler attributes (e.g., onerror, onload) in query parameters
  • Client-side errors or unexpected redirects when accessing Swagger documentation pages
  • Reports of users experiencing suspicious behavior after clicking links to the application's documentation

Detection Strategies

  • Implement Web Application Firewall (WAF) rules to detect and block XSS patterns in URL parameters targeting /docs/flows
  • Deploy Content Security Policy (CSP) headers to restrict inline script execution and report policy violations
  • Monitor server access logs for requests containing encoded special characters (%3C, %3E, %22) in documentation endpoint URLs
  • Utilize browser-based security tools to detect DOM manipulation attempts on Swagger UI pages

Monitoring Recommendations

  • Enable detailed logging for all requests to documentation endpoints (/docs/*)
  • Set up alerts for high volumes of malformed requests to the Swagger documentation path
  • Implement session monitoring to detect unusual activity patterns following documentation page access
  • Deploy Real User Monitoring (RUM) to identify client-side JavaScript errors indicative of injection attempts

How to Mitigate CVE-2025-49126

Immediate Actions Required

  • Upgrade Visionatrix to version 2.5.1 or later immediately
  • Audit server logs for historical exploitation attempts targeting the /docs/flows endpoint
  • Review and rotate any secrets or credentials that may have been exposed through compromised user sessions
  • Notify users about the vulnerability and recommend clearing browser sessions and updating credentials

Patch Information

The vulnerability has been fixed in Visionatrix version 2.5.1. The patch implements proper URL encoding for user-controlled parameters before they are passed to FastAPI's Swagger UI generation functions. For detailed patch information, refer to the GitHub Security Advisory and the commit that addresses this issue.

Workarounds

  • Restrict network access to the /docs/flows endpoint using firewall rules or reverse proxy configuration until patching is complete
  • Implement strict Content Security Policy headers to prevent inline script execution: Content-Security-Policy: script-src 'self'
  • Deploy a WAF rule to block requests containing potential XSS payloads in URL parameters to documentation endpoints
  • Consider temporarily disabling public access to Swagger documentation pages in production environments
bash
# Example nginx configuration to restrict access to documentation endpoints
location /docs {
    # Restrict to internal network only
    allow 10.0.0.0/8;
    allow 192.168.0.0/16;
    deny all;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeXSS
  • Vendor/TechFastapi
  • SeverityHIGH
  • CVSS Score8.8
  • EPSS Probability0.24%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityLow
  • AvailabilityLow
  • CWE References
  • CWE-79
  • Technical References
  • GitHub Commit Update
  • GitHub Security Advisory
  • Related CVEs
  • CVE-2025-0182: Danswer AI Memory Exhaustion DoS Vulnerability
  • CVE-2026-2975: FastAPI Admin Information Disclosure Flaw
  • CVE-2026-23996: FastAPI Api Key Timing Attack Vulnerability
  • CVE-2021-32677: Tiangolo FastAPI CSRF Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English