CVE-2026-22033 Overview
A persistent stored cross-site scripting (XSS) vulnerability has been identified in Label Studio, a popular multi-type data labeling and annotation tool. The vulnerability exists in the custom_hotkeys functionality and affects version 1.22.0 and earlier. An authenticated attacker can inject malicious JavaScript code that executes in other users' browsers when they load any page utilizing the templates/base.html template.
Critical Impact
This vulnerability enables full account takeover through API token theft. The application exposes an API token endpoint (/api/current-user/token) to the browser and lacks robust CSRF protection on some API endpoints, allowing injected scripts to fetch victim API tokens or call token reset endpoints.
Affected Products
- Label Studio version 1.22.0 and earlier
- Any deployment using the custom_hotkeys functionality
- Installations with the templates/base.html template
Discovery Timeline
- 2026-01-12 - CVE CVE-2026-22033 published to NVD
- 2026-01-13 - Last updated in NVD database
Technical Details for CVE-2026-22033
Vulnerability Analysis
This stored XSS vulnerability (CWE-79) occurs due to improper output encoding in the base.html template when rendering user-controlled custom_hotkeys data. The application uses the json_dumps_ensure_ascii filter followed by the safe filter without proper HTML entity escaping, allowing script tag injection through the hotkeys configuration.
The vulnerability is particularly dangerous because it is stored server-side and executes whenever any user loads a page that includes the affected template. Combined with the exposed API token endpoint and weak CSRF protections, an attacker can silently exfiltrate authentication tokens or perform unauthorized actions on behalf of the victim.
Root Cause
The root cause lies in the template rendering logic where the custom_hotkeys JSON data is output directly to the page without escaping special HTML characters like < and >. The original code used {{ user.custom_hotkeys|json_dumps_ensure_ascii|safe }} which allows script tags embedded in the hotkey configuration to be rendered as executable HTML.
Attack Vector
An authenticated attacker can exploit this vulnerability through the following attack chain:
- The attacker crafts a malicious custom_hotkeys payload containing JavaScript code (e.g., embedded <script> tags)
- The payload is stored when the attacker updates their hotkey configuration via the application's settings
- When any user loads a page using templates/base.html, the malicious script executes in their browser context
- The injected script can call /api/current-user/token to steal the victim's API token
- With the stolen token, the attacker gains full API access and can perform account takeover
</template>
<script id="app-settings" nonce="{{request.csp_nonce}}">
-
- var __customHotkeys = {{ user.custom_hotkeys|json_dumps_ensure_ascii|safe }};
+ var __customHotkeys = {{ user.custom_hotkeys|json_dumps_ensure_ascii|escape_lt_gt|safe }};
// Filter custom hotkeys for editor-specific ones
var editorCustomHotkeys = {};
Source: GitHub Commit Details
Detection Methods for CVE-2026-22033
Indicators of Compromise
- Unusual custom_hotkeys entries containing <script> tags or JavaScript event handlers
- Unexpected API token requests from client-side scripts
- Anomalous calls to /api/current-user/token or token reset endpoints
- Modified hotkey configurations containing encoded JavaScript payloads
Detection Strategies
- Monitor application logs for unusual modifications to user custom_hotkeys settings
- Implement Content Security Policy (CSP) violation logging to detect inline script execution attempts
- Review audit logs for suspicious API token access patterns or token resets
- Scan stored hotkey configurations for script injection patterns using regex rules
Monitoring Recommendations
- Enable detailed logging on the /api/current-user/token endpoint to track access patterns
- Configure Web Application Firewall (WAF) rules to detect XSS payloads in API request bodies
- Monitor for mass token resets or unusual authentication token usage across user accounts
- Set up alerts for changes to custom_hotkeys containing HTML-like content
How to Mitigate CVE-2026-22033
Immediate Actions Required
- Upgrade Label Studio to a version newer than 1.22.0 that includes the security fix
- Audit existing custom_hotkeys configurations for any malicious JavaScript content
- Review API token access logs for signs of unauthorized token theft
- Consider rotating API tokens for all users as a precautionary measure
Patch Information
The vulnerability has been addressed in the official security patch. The fix introduces an escape_lt_gt filter that properly escapes < and > characters in the custom_hotkeys output, preventing script injection. For technical details, see the GitHub Security Advisory GHSA-2mq9-hm29-8qch and the GitHub Pull Request #9084.
Workarounds
- Restrict access to the custom_hotkeys functionality to trusted administrators only
- Implement strict Content Security Policy headers to block inline script execution
- Deploy a Web Application Firewall with XSS protection rules enabled
- Monitor and sanitize custom_hotkeys data at the database level if patching is not immediately possible
# Configuration example - Add CSP headers to nginx configuration
# This provides defense-in-depth against XSS attacks
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'nonce-$request_id'; object-src 'none';" always;
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
