Description
A vulnerability was identified in teableio teable up to 1.9.x. It affects an unknown function of the file apps/nextjs-app/src/features/auth/pages/LoginPage.tsx in the Sign-up component. Manipulation of the argument redirect leads to cross-site scripting. The attack can be carried out remotely. A public exploit is available and might be used. Upgrading to version release.2026-04-21T08-57-20Z.1513 fixes this issue; the affected component should be upgraded. The vendor confirms: "The default branch of teableio/teable is develop, and the reported login redirect issue has already been fixed there. The login redirect flow now validates the redirect parameter with isValidRedirectPath() before navigation, which blocks javascript:, data:, and cross-origin redirects."
Published: 2026-05-26
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A cross‑site scripting flaw was discovered in Teable’s login page, where an attacker may manipulate the redirect argument to embed malicious JavaScript. The vulnerability can lead to execution of arbitrary code in the victim’s browser, potentially allowing session hijacking, credential theft, or defacement. It exploits a classic CWE‑79 input validation error, triggered by unfiltered redirect URLs that include javascript: or data: schemes.

Affected Systems

The issue affects Teable versions up to 1.9.x. Teable is a cloud‑based data management platform. The fix ships in version release.2026-04-21T08-57-20Z.1513; that release and later ones validate the redirect parameter before navigation.

Risk and Exploitability

With a CVSS score of 5.3 the flaw presents moderate risk; the EPSS score is unavailable and it is not listed in CISA’s KEV catalogue, though publicly available exploits have been reported. The attack is remotely exploitable by directing users to a crafted login URL and requires no privileged access. Its effectiveness depends on the attacker’s ability to get users to follow a malicious redirect link, so it is most likely to appear as a lure in phishing or social‑engineering campaigns.

Generated by OpenCVE AI on May 26, 2026 at 19:42 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Teable release.2026-04-21T08-57-20Z.1513 or a later version that includes the redirect validation fix.
  • If an upgrade cannot be performed immediately, modify the login redirect logic to reject URLs that begin with javascript: or data:, or that target cross‑origin domains, mirroring the isValidRedirectPath() check in the source repository.
  • Enforce server‑side whitelist validation that limits redirect destinations to approved internal paths and ensure that all user‑supplied redirect parameters are properly sanitized before being embedded in the response.

Generated by OpenCVE AI on May 26, 2026 at 19:42 UTC.
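As an added example (not Teable's own code and not its isValidRedirectPath()), the following TypeScript validator implements the checks from the second and third recommended actions: it resolves the user-supplied redirect with the WHATWG URL parser against an assumed application origin (APP_ORIGIN is a placeholder) and returns a normalized in-app path, falling back to "/" for javascript:, data: and cross-origin targets.

```typescript
// Added example: validate a user-supplied "redirect" query parameter before
// using it for navigation. Rather than string-matching dangerous prefixes,
// resolve the candidate against the app's own origin and accept only
// same-origin results, returning a normalized path instead of the raw input.

// Hypothetical application origin; real code would read this from config.
const APP_ORIGIN = "https://app.example.invalid";
const DEFAULT_REDIRECT = "/";

function safeRedirectPath(
  candidate: string | null | undefined,
  appOrigin: string = APP_ORIGIN
): string {
  if (typeof candidate !== "string" || candidate.length === 0) {
    return DEFAULT_REDIRECT;
  }

  let parsed: URL;
  try {
    // Resolving against the app origin makes scheme-relative ("//host/x")
    // and backslash ("/\host/x") forms show up as a foreign origin, and the
    // parser strips embedded tabs/newlines that a naive prefix check misses.
    parsed = new URL(candidate, appOrigin);
  } catch {
    return DEFAULT_REDIRECT; // unparseable input: never navigate to it
  }

  // javascript: and data: URLs parse with an opaque "null" origin, so one
  // origin comparison rejects both of them along with cross-origin targets.
  // Equal origins also imply an equal scheme, host and port.
  const base = new URL(appOrigin);
  if (parsed.origin !== base.origin) {
    return DEFAULT_REDIRECT;
  }

  // Hand back only path + query + fragment, dropping any scheme or host the
  // caller supplied, so navigation provably stays inside the application.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Stand-alone demonstration with constructed inputs.
for (const input of ["/space/abc?tab=1", "javascript:alert(1)", "//evil.example/x"]) {
  console.log(JSON.stringify(input), "->", safeRedirectPath(input));
}
```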


Advisories

No advisories yet.

History

Wed, 27 May 2026 14:30:00 +0000

  • Metrics added (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 18:00:00 +0000

  • Description added: the text shown under Description at the top of this page.
  • Title added: teableio teable Sign-up LoginPage.tsx cross site scripting
  • First Time appeared: Teableio; Teableio teable
  • Weaknesses added: CWE-79, CWE-94
  • CPEs added: cpe:2.3:a:teableio:teable:*:*:*:*:*:*:*:*
  • Vendors & Products added: Teableio; Teableio teable
  • References added: none listed
  • Metrics added:
    cvssV2_0: {'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C'}
    cvssV3_0: {'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C'}
    cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C'}
    cvssV4_0: {'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-27T13:12:06.625Z

Reserved: 2026-05-26T10:48:11.353Z

Link: CVE-2026-9566

Vulnrichment

Updated: 2026-05-27T13:12:03.049Z

NVD

Status : Deferred

Published: 2026-05-26T18:16:58.720

Modified: 2026-05-26T19:37:00.120

Link: CVE-2026-9566

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T21:45:16Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

  • CWE-94

    Improper Control of Generation of Code ('Code Injection')