Description
CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation guide. This code will be able to make arbitrary requests to CVAT with the victim user's privileges. This vulnerability is fixed in 2.64.0.
Published: 2026-05-13
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored cross-site scripting flaw exists in the annotation guide feature of CVAT. Attackers who can create or edit an annotation guide on a task may insert malicious JavaScript, which then executes in the browser whenever anyone opens that guide. The injected code can perform arbitrary requests using the victim's account credentials, enabling the attacker to read or modify data, or potentially alter the system's configuration. This results in a loss of confidentiality, integrity, and availability of the data accessed by the victim's session.

Affected Systems

CVAT versions 2.5.0 through 2.63.0 are affected. The product is maintained by cvat-ai and released as open-source software. Any installation running these versions that allows users to create or edit annotation guides is vulnerable.

Risk and Exploitability

The flaw carries a CVSS score of 8.5 and is not listed in CISA KEV. The EPSS score is not available, indicating no publicly known exploitation data yet. Exploitation requires that the attacker has permissions to create or edit a guide and that a victim subsequently views the guide in a browser. Because the code executes within the target's session, an attacker can perform further actions on behalf of that user. Although the vulnerability is browser-based, the high severity and potential for privilege escalation warrant prompt attention.

Generated by OpenCVE AI on May 13, 2026 at 22:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade any vulnerable CVAT installation to version 2.64.0 or later, which removes the ability to inject unsanitized JavaScript.
  • Reconfigure the system so that only trusted or administrative accounts can create or edit annotation guides, reducing the attack surface.
  • Enforce proper input sanitization and escaping for all user-supplied data that may be rendered in annotation guides, following CWE-80 mitigation practices.

Generated by OpenCVE AI on May 13, 2026 at 22:20 UTC.
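As an added illustration of the escaping and link-allowlisting step in the last recommendation (example code, not CVAT's own), a small renderer that turns a user-authored guide into HTML without ever letting guide text become markup. It assumes guides use a Markdown-like subset (headings, paragraphs, bold, links); that markup and every function name are hypothetical.

```javascript
// Added example (not CVAT's code). Assumed guide markup: #/##/### headings,
// paragraphs, **bold** and [label](url); all names here are hypothetical.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape every character that could open a tag or attribute: guide text can
// only ever become text, never an element or an event handler.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Only absolute http(s) URLs survive; javascript:, data: and unparsable
// values yield null so a guide link can never run code when clicked.
function safeHref(url) {
  try {
    const u = new URL(url);
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.href : null;
  } catch { return null; }
}

// Parse raw text first, escape each piece afterwards; escaping before parsing
// would double-encode '&' inside link URLs.
const INLINE = /\*\*(.+?)\*\*|\[([^\]]+)\]\(([^)\s]+)\)/g;
function renderInline(text) {
  let out = '', last = 0;
  for (const m of text.matchAll(INLINE)) {
    out += escapeHtml(text.slice(last, m.index));
    if (m[1] !== undefined) {
      out += `<strong>${escapeHtml(m[1])}</strong>`;
    } else {
      const href = safeHref(m[3]), label = escapeHtml(m[2]);
      out += href ? `<a href="${escapeHtml(href)}">${label}</a>` : label;
    }
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Blocks are separated by blank lines; only h1-h3 and p are ever emitted.
function renderGuide(markdown) {
  return markdown.split(/\n\s*\n/).map((b) => b.trim()).filter(Boolean).map((block) => {
    const h = /^(#{1,3}) (.+)$/.exec(block);
    if (h) return `<h${h[1].length}>${renderInline(h[2])}</h${h[1].length}>`;
    return `<p>${renderInline(block)}</p>`;
  }).join('\n');
}

// Constructed sample guide: legitimate markup plus the kind of content a
// malicious edit could add; the latter comes out as inert text.
const SAMPLE_GUIDE = '# Labeling rules\n\n' +
  'Mark every **vehicle**, see [the spec](https://example.invalid/spec?v=1&r=2).\n\n' +
  '<img src=x onerror=alert(1)> [help](javascript:document.title)';
```

The point the escaped text alone does not make: link targets need their own scheme allowlist, because a javascript: URL survives HTML escaping untouched.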


Advisories

No advisories yet.

History

Fri, 15 May 2026 19:15:00 +0000

Type      Values Removed   Values Added
Metrics   -                ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 13 May 2026 22:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                Cvat-ai; Cvat-ai cvat
Vendors & Products   -                Cvat-ai; Cvat-ai cvat

Wed, 13 May 2026 21:45:00 +0000

Type         Values Removed   Values Added
Description  -                CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation guide. This code will be able to make arbitrary requests to CVAT with the victim user's privileges. This vulnerability is fixed in 2.64.0.
Title        -                CVAT: Stored XSS via annotation guides
Weaknesses   -                CWE-80
References   -                -
Metrics      -                cvssV4_0: {'score': 8.5, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-15T18:13:25.009Z

Reserved: 2026-05-05T20:15:20.631Z

Link: CVE-2026-44369

Vulnrichment

Updated: 2026-05-15T18:12:41.753Z

NVD

Status : Deferred

Published: 2026-05-13T22:16:43.963

Modified: 2026-05-14T18:19:25.260

Link: CVE-2026-44369

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T22:30:06Z

Weaknesses