Description
Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the application. An authenticated attacker (or one who can trick a user/administrator into updating their custom_hotkeys) can inject JavaScript code that executes in other users’ browsers when those users load any page using the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) to the browser and lacks robust CSRF protection on some API endpoints, the injected script may fetch the victim’s API token or call token reset endpoints — enabling full account takeover and unauthorized API access.
Published: 2026-01-12
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Full Account Takeover
Action: Patch Immediately
AI Analysis

Impact

Label Studio 1.22.0 and earlier contains a persistent stored cross‑site scripting flaw in the custom_hotkeys configuration field. When an attacker can inject malicious JavaScript through this field—either by authenticating to the system or by persuading a user to modify their hotkeys—the code executes in the browsers of every user who visits any page that renders the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) and does not provide robust CSRF protection on several token‑related routes, the injected script can fetch or reset the victim’s API token, granting the attacker full control over the compromised account and unrestricted programmatic access.

Affected Systems

The affected product is HumanSignal Label Studio version 1.22.0 and all earlier releases. The description does not specify a patch version, but the vulnerability is limited to these pre‑1.22.0 releases.

Risk and Exploitability

The CVSS score of 8.6 indicates a high severity potential. The EPSS score of less than 1% suggests that exploitation in the wild is expected to be rare, and the vulnerability is not listed in CISA’s KEV catalog. The attack vector is browser‑based; an attacker only needs to inject the malicious custom_hotkeys payload from an authenticated session or convince a user to do so. Once the payload is present, other users who load pages using the base template are impacted, and the script can exfiltrate API tokens or trigger a reset, enabling full account takeover.

Generated by OpenCVE AI on April 18, 2026 at 19:15 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Label Studio to the latest released version that resolves the custom_hotkeys XSS vulnerability.
  • For environments that cannot be upgraded immediately, clear or sanitize the custom_hotkeys configuration so that it cannot contain executable JavaScript.
  • Enable CSRF protection across all token‑related API endpoints, especially /api/current-user/token and any token reset routes.
  • Restrict access to the token retrieval endpoint by enforcing stricter authentication scopes or moving token retrieval logic to server‑side processing only.

Generated by OpenCVE AI on April 18, 2026 at 19:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-2mq9-hm29-8qch Label Studio is vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field
History

Tue, 27 Jan 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

Tue, 13 Jan 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Humansignal
Humansignal label Studio
Vendors & Products Humansignal
Humansignal label Studio

Mon, 12 Jan 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 12 Jan 2026 18:00:00 +0000

Type Values Removed Values Added
Description Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the application. An authenticated attacker (or one who can trick a user/administrator into updating their custom_hotkeys) can inject JavaScript code that executes in other users’ browsers when those users load any page using the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) to the browser and lacks robust CSRF protection on some API endpoints, the injected script may fetch the victim’s API token or call token reset endpoints — enabling full account takeover and unauthorized API access.
Title Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field
Weaknesses CWE-284
CWE-79
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Humansignal Label Studio
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-12T18:12:36.147Z

Reserved: 2026-01-05T22:30:38.719Z

Link: CVE-2026-22033

cve-icon Vulnrichment

Updated: 2026-01-12T18:12:27.696Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-12T18:15:48.837

Modified: 2026-01-27T20:39:07.483

Link: CVE-2026-22033

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T19:30:08Z

Weaknesses