
CVE-2026-44369: CVAT Annotation Tool XSS Vulnerability

CVE-2026-44369 is a stored cross-site scripting flaw in the CVAT annotation tool that allows an authenticated attacker to inject malicious JavaScript into annotation guides. This post covers the technical details, affected versions, and mitigation steps.


CVE-2026-44369 Overview

CVE-2026-44369 is a stored Cross-Site Scripting (XSS) vulnerability in the Computer Vision Annotation Tool (CVAT), an open-source platform for video and image annotation. The flaw affects versions 2.5.0 through 2.63.0. An attacker with permission to create or edit a task annotation guide can inject malicious JavaScript that executes in the browser of any user who views the guide. The injected code runs with the victim's session privileges and can issue arbitrary requests to the CVAT backend. The maintainers fixed this issue in version 2.64.0. The weakness is classified under CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page).

Critical Impact

Authenticated attackers can execute arbitrary JavaScript in victim browsers and perform actions in CVAT using the victim's privileges, including data theft and account takeover scenarios.

Affected Products

  • CVAT versions 2.5.0 through 2.63.0
  • Self-hosted CVAT deployments using affected releases
  • CVAT instances exposing annotation guide functionality to multiple users

Discovery Timeline

  • 2026-05-13 - CVE-2026-44369 published to NVD
  • 2026-05-13 - Last updated in NVD database

Technical Details for CVE-2026-44369

Vulnerability Analysis

The vulnerability resides in the CVAT annotation guide feature. Annotation guides are user-authored instructions attached to tasks to help annotators perform labeling work. The application renders guide content in the browser without sufficient neutralization of script-related HTML tags. An attacker who can create or modify a guide can embed JavaScript payloads that the browser executes when another user opens the guide.

Because the payload runs in the authenticated victim's origin, it inherits the victim's session and CSRF context. The attacker can call any CVAT API the victim is authorized to invoke. This includes reading project data, modifying annotations, manipulating users, or exfiltrating tokens. The attack does not require the victim to be an administrator, but the impact escalates significantly when a privileged user opens the malicious guide.

Root Cause

The root cause is improper neutralization of HTML script-related tags in user-supplied annotation guide content, consistent with CWE-80. The renderer treats guide markup as trusted and fails to strip or encode active content before inserting it into the DOM. Neither output encoding nor a strict allow-list sanitizer was applied to the guide rendering path prior to version 2.64.0.

Attack Vector

Exploitation requires an authenticated account with permission to create or edit an annotation guide on a task. The attacker submits a guide containing a JavaScript payload. When a victim opens the task and loads the guide, the browser parses and executes the embedded script in the CVAT origin. The script can then issue authenticated requests using the victim's cookies or tokens. User interaction is required, since the victim must open the affected guide.

No verified public exploit code is available. See the GitHub Security Advisory and the GitHub Commit Details for the technical fix.

Detection Methods for CVE-2026-44369

Indicators of Compromise

  • Annotation guide records containing <script>, onerror=, onload=, or javascript: substrings in guide markdown or HTML fields
  • Unexpected outbound HTTP requests from CVAT user sessions targeting /api/users, /api/tasks, or token endpoints shortly after opening a task
  • Audit log entries showing guide edits by accounts that do not normally author guides

Detection Strategies

  • Query the CVAT database for annotation guide content matching script tag patterns or event handler attributes
  • Inspect web server access logs for guide retrieval followed by anomalous API calls from the same session
  • Monitor browser Content Security Policy (CSP) violation reports if CSP is enabled on the CVAT frontend
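The following is an added triage script, not part of this advisory or of the CVAT project, that applies the indicator list above to annotation guide records exported from the CVAT database. It assumes each record carries an `id` and a `markdown` column (the column name is an assumption); the sample records are constructed for illustration.

```python
import re
from typing import Dict, List

# Regexes for the three indicator classes named in the advisory: script tags,
# inline event-handler attributes, and javascript: URLs. Matching is
# case-insensitive and tolerates whitespace padding and an entity-encoded colon.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.IGNORECASE),
    # Require a preceding space, quote or slash so prose such as "version = 2"
    # is not flagged; attribute syntax always has one of these before the name.
    "event_handler": re.compile(r"""[\s"'/]on[a-z]+\s*=""", re.IGNORECASE),
    "javascript_url": re.compile(r"javascript\s*(?::|&#58;|&colon;)", re.IGNORECASE),
}


def scan_guide(markup: str) -> List[str]:
    """Return the indicator names found in one guide's markdown/HTML body."""
    return [name for name, pattern in INDICATORS.items() if pattern.search(markup)]


def find_suspicious_guides(records: List[Dict]) -> Dict[int, List[str]]:
    """Map guide id to matched indicators for every record that matched at least one."""
    hits: Dict[int, List[str]] = {}
    for record in records:
        found = scan_guide(record["markdown"])
        if found:
            hits[record["id"]] = found
    return hits


# Constructed sample export: one benign guide, three carrying an indicator,
# and one whose angle brackets are entity-escaped and therefore inert.
SAMPLE_GUIDES = [
    {"id": 1, "markdown": "# Labeling rules\nDraw a box around each **vehicle**."},
    {"id": 2, "markdown": "See the examples.\n<SCRIPT>/* constructed payload */</script>"},
    {"id": 3, "markdown": 'Click <img src=x onerror="/* constructed payload */"> to begin.'},
    {"id": 4, "markdown": "Follow this [link](JavaScript:void(0)) for help."},
    {"id": 5, "markdown": "Escaped text like &lt;script&gt; renders as literal text."},
]

if __name__ == "__main__":
    for guide_id, indicators in find_suspicious_guides(SAMPLE_GUIDES).items():
        print(f"guide {guide_id}: {', '.join(indicators)}")
```

Matches are leads for analyst review, not proof of compromise: markdown code fences that quote HTML will also match, and this regex pass is no substitute for the sanitizer shipped in the fix.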

Monitoring Recommendations

  • Enable and centralize CVAT application and audit logs to capture guide create and update events
  • Alert on guide edits performed outside normal working hours or by newly created accounts
  • Track API call volume per session and flag sudden bursts that follow guide views

How to Mitigate CVE-2026-44369

Immediate Actions Required

  • Upgrade all CVAT instances to version 2.64.0 or later
  • Review existing annotation guides for embedded scripts or suspicious HTML and remove malicious content
  • Audit task and project permissions to restrict guide editing to trusted users only
  • Force a password reset and token rotation for any account that may have viewed a malicious guide

Patch Information

The fix is included in CVAT 2.64.0. The corrective commit is published at GitHub Commit Details and the advisory at GitHub Security Advisory. The patch introduces sanitization of annotation guide content before rendering.

Workarounds

  • Limit guide creation and edit permissions to a small set of vetted administrators until patched
  • Deploy a strict Content Security Policy that blocks inline scripts on the CVAT frontend
  • Temporarily disable the annotation guide feature for shared or multi-tenant deployments where upgrade is not immediate

```bash
# Upgrade a Docker Compose deployment of CVAT to the fixed release.
# Run from the clone of the CVAT repository that the deployment was started from.
git fetch --tags
git checkout v2.64.0
docker compose pull
docker compose up -d
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
