NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-44369

Summary	CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation guide. This code will be able to make arbitrary requests to CVAT with the victim user's privileges. This vulnerability is fixed in 2.64.0.
Publication Date	May 14, 2026, 7:16 a.m.
Registration Date	May 15, 2026, 4:23 a.m.
Last Update	May 15, 2026, 3:19 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/cvat-ai/cvat/commit/ad9e90003d8234ac7602598b109dc11450321dfc	security-advisories@github.com
2	https://github.com/cvat-ai/cvat/security/advisories/GHSA-m2h7-6xqm-p9v5	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-80	クロスサイトスクリプティング (Basic XSS)	https://cwe.mitre.org/data/definitions/80.html