CVE-2026-23516 Overview
CVE-2026-23516 is a Cross-Site Scripting (XSS) vulnerability in CVAT (Computer Vision Annotation Tool), an open source interactive video and image annotation tool for computer vision. This vulnerability allows an attacker to execute arbitrary JavaScript in a victim user's CVAT UI session through maliciously crafted labels or SVG images.
The vulnerability exists in versions 2.2.0 through 2.54.0 and requires social engineering to exploit, as attackers must convince victims to either edit a malicious label, view a shape referencing that label, or upload a maliciously crafted SVG image when configuring a skeleton.
Critical Impact
Successful exploitation grants attackers temporary access to all CVAT resources accessible by the victim user, including annotation projects, datasets, and potentially sensitive machine learning training data.
Affected Products
- CVAT versions 2.2.0 through 2.54.0
- CVAT installations with user-accessible label creation functionality
- CVAT deployments allowing SVG skeleton configuration uploads
Discovery Timeline
- 2026-01-21 - CVE CVE-2026-23516 published to NVD
- 2026-01-21 - Last updated in NVD database
Technical Details for CVE-2026-23516
Vulnerability Analysis
This vulnerability is classified as CWE-83 (Improper Neutralization of Script in Attributes in a Web Page), a specific form of Cross-Site Scripting. The flaw exists in how CVAT handles user-supplied SVG content and label data within the canvas rendering components.
The attack requires network access with user interaction—an attacker must first create malicious content within CVAT (either a crafted label or SVG file) and then entice a victim to interact with that content. Once triggered, the injected JavaScript executes within the victim's authenticated session context, enabling unauthorized access to CVAT resources, potential data exfiltration, and session hijacking.
Root Cause
The root cause lies in the unsafe handling of SVG content within the CVAT canvas module. The vulnerable code path used innerHTML to directly inject SVG content, which allowed embedded JavaScript to execute. The skeletonSVG parameter was originally typed as a raw string, enabling attackers to embed malicious script elements within SVG markup.
The security patch addresses this by:
- Changing the skeletonSVG type from string to SVGSVGElement, enforcing a proper DOM element type
- Replacing the unsafe innerHTML assignment with the replaceChildren() method, using cloned DOM nodes instead of re-parsed markup
Attack Vector
The attack vector is network-based and requires user interaction. An attacker with the ability to create or modify CVAT tasks/projects can:
- Create a malicious label containing embedded JavaScript within SVG attributes
- Upload a crafted SVG image containing script payloads when configuring skeletons
- Wait for or socially engineer a victim user to view or edit the poisoned content
Once the victim interacts with the malicious content, the JavaScript executes in their browser session with their authentication context.
// Vulnerable code pattern in canvasModel.ts
// Source: https://github.com/cvat-ai/cvat/commit/40800707fe39e3ff76c8d036eb953eb12d764e70
shapeType?: string;
rectDrawingMethod?: RectDrawingMethod;
cuboidDrawingMethod?: CuboidDrawingMethod;
- skeletonSVG?: string;
+ skeletonSVG?: SVGSVGElement;
numberOfPoints?: number;
initialState?: any;
crosshair?: boolean;
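Review bot: the switch from `string` to `SVGSVGElement` on `skeletonSVG` is a compile-time constraint only (TypeScript erases it at runtime), and this hunk does not show where the element is produced from user-supplied skeleton markup; the parsing step that builds it should allowlist elements and attributes (no `script` elements, no `on*` handlers, no `javascript:` hrefs) so that a hostile SVG never reaches the draw handler as a live DOM subtree. Since the field is part of the draw-data interface, the change is breaking for callers still passing a string and should be called out in the changelog.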
// Vulnerable code pattern in drawHandler.ts - unsafe innerHTML usage
// Source: https://github.com/cvat-ai/cvat/commit/40800707fe39e3ff76c8d036eb953eb12d764e70
transform: `translate(${x}px, ${y}px)`,
});
- /* eslint-disable-next-line no-unsanitized/property */
- this.pointsGroup.node.innerHTML = this.drawData.skeletonSVG;
+ this.pointsGroup.node.replaceChildren(...this.drawData.skeletonSVG.cloneNode(true).childNodes);
Array.from(this.pointsGroup.node.children).forEach((child: Element) => {
const dataType = child.getAttribute('data-type');
if (child.tagName === 'circle' && dataType && dataType.includes('element')) {
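Review bot: `skeletonSVG` is declared optional (`skeletonSVG?:`), but the new line `this.pointsGroup.node.replaceChildren(...this.drawData.skeletonSVG.cloneNode(true).childNodes);` dereferences it unconditionally, so a draw request without a skeleton now throws where the old assignment did not; guard it with `if (this.drawData.skeletonSVG)` or return early. Note also that cloning into `replaceChildren` only avoids re-parsing markup through `innerHTML`; inline event-handler attributes still present on the element fire once the nodes are inserted, so sanitization has to happen before the element is handed to the draw handler.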
Detection Methods for CVE-2026-23516
Indicators of Compromise
- Unusual JavaScript execution or XHR requests originating from CVAT annotation interface
- SVG files containing <script> tags, javascript: URIs, or event handler attributes (onload, onerror, etc.)
- Labels or task configurations containing encoded or obfuscated script payloads
- Unexpected API calls to CVAT resources from user sessions
Detection Strategies
- Implement Content Security Policy (CSP) headers to detect and block inline script execution
- Monitor browser console logs for XSS-related errors or blocked script attempts
- Audit CVAT database for labels containing suspicious HTML/SVG content patterns
- Review uploaded SVG files for embedded scripts using server-side scanning
Monitoring Recommendations
- Enable detailed logging for CVAT task and project modifications
- Monitor for anomalous user session activity following label edits or SVG uploads
- Set up alerts for unexpected data exports or bulk resource access patterns
- Track browser-side errors related to script execution or CSP violations
How to Mitigate CVE-2026-23516
Immediate Actions Required
- Upgrade CVAT to version 2.55.0 or later immediately
- Audit existing labels and SVG configurations for potentially malicious content
- Review recent task and project modifications for signs of exploitation attempts
- Consider temporarily restricting label creation and SVG upload permissions to trusted users
Patch Information
The vulnerability is fixed in CVAT version 2.55.0. The fix involves changing how SVG content is handled in the canvas rendering components, specifically replacing unsafe innerHTML string assignment with type-safe DOM manipulation using replaceChildren() and properly typed SVGSVGElement parameters.
For detailed patch information, refer to the GitHub Security Advisory GHSA-3m7p-wx65-c7mp and the commit 40800707fe39e3ff76c8d036eb953eb12d764e70.
Workarounds
- Restrict access to label creation and modification features to trusted administrators only
- Disable or restrict SVG upload functionality for skeleton configuration until patching
- Implement server-side SVG sanitization to strip scripts and event handlers before storage
- Deploy a Web Application Firewall (WAF) rule to detect and block SVG XSS payloads
# Example: Restrict CVAT permissions via docker-compose environment
# Add to your docker-compose.override.yml
# Note: CVAT_RESTRICT_LABEL_EDIT and CVAT_CSP_ENABLED are the variable names as given here;
# confirm them against the documented settings of your CVAT version before relying on them.
services:
  cvat_server:
    environment:
      # Restrict label editing to admins while awaiting patch
      CVAT_RESTRICT_LABEL_EDIT: "admin_only"
      # Enable CSP headers for XSS mitigation
      CVAT_CSP_ENABLED: "true"
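As an added example (not CVAT code), one Python routine serves both the detection strategy above (auditing stored labels and uploaded SVG files for script tags, event-handler attributes and javascript: URIs, including entity-encoded variants) and the server-side sanitization workaround: it parses a skeleton SVG as XML, reports each dangerous item and returns the markup with those items removed. The sample SVG is constructed for the demonstration, and `audit_svg` and its helpers are names chosen here.

```python
# Added example (not CVAT code): audit_svg and its helpers are names chosen here.
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
URL_ATTRS = {"href", f"{{{XLINK_NS}}}href"}  # attributes that take a URL
_SCHEME_NOISE = re.compile(r"[\x00-\x20]")  # browsers skip these inside a scheme

def _local(name):
    """'{namespace}tag' -> 'tag', lower-cased so matching is case-insensitive."""
    return name.rsplit("}", 1)[-1].lower()

def _is_js_url(value):
    return _SCHEME_NOISE.sub("", value).lower().startswith("javascript:")

def audit_svg(svg_text):
    """Return (findings, cleaned_svg): findings names each <script> element,
    on* handler and javascript: URL; cleaned_svg has them removed. The XML
    parser decodes entities, so jav&#x61;script: is caught. Malformed input
    raises ET.ParseError; use defusedxml in production against entity expansion."""
    ET.register_namespace("", SVG_NS)
    ET.register_namespace("xlink", XLINK_NS)
    root = ET.fromstring(svg_text)
    findings = []
    for parent in list(root.iter()):  # no parent links, so walk parent by parent
        for child in list(parent):
            if _local(child.tag) == "script":
                findings.append(f"<script> element under <{_local(parent.tag)}>")
                parent.remove(child)
    for el in root.iter():
        for name in list(el.attrib):
            lname, tag = _local(name), _local(el.tag)
            if lname.startswith("on"):
                findings.append(f"{lname} handler on <{tag}>")
                del el.attrib[name]
            elif name in URL_ATTRS and _is_js_url(el.attrib[name]):
                findings.append(f"javascript: URL in {lname} on <{tag}>")
                del el.attrib[name]
    return findings, ET.tostring(root, encoding="unicode")

# Constructed sample carrying the three indicator types the advisory lists.
SAMPLE_SVG = (
    f'<svg xmlns="{SVG_NS}" xmlns:xlink="{XLINK_NS}" onload="void 0">'
    '<circle data-type="element 1" cx="10" cy="10" r="2"/>'
    '<a xlink:href="jav&#x61;script:void(0)"><text>label</text></a>'
    '<script>void 0</script></svg>'
)
```

Run it over every stored skeleton SVG and each upload before it is saved: a non-empty findings list marks a record to investigate, and the cleaned markup is what should be stored.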
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

