{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22033", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-01-05T22:30:38.719Z", "datePublished": "2026-01-12T17:47:34.060Z", "dateUpdated": "2026-01-12T18:12:36.147Z"}, "containers": {"cna": {"title": "Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-2mq9-hm29-8qch", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-2mq9-hm29-8qch"}, {"name": "https://github.com/HumanSignal/label-studio/pull/9084", "tags": ["x_refsource_MISC"], "url": "https://github.com/HumanSignal/label-studio/pull/9084"}, {"name": "https://github.com/HumanSignal/label-studio/commit/ea2462bf042bbf370b79445d02a205fbe547b505", "tags": ["x_refsource_MISC"], "url": "https://github.com/HumanSignal/label-studio/commit/ea2462bf042bbf370b79445d02a205fbe547b505"}], "affected": [{"vendor": "HumanSignal", "product": "label-studio", "versions": [{"version": "<= 1.22.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-12T17:47:34.060Z"}, "descriptions": [{"lang": "en", "value": "Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the application. An authenticated attacker (or one who can trick a user/administrator into updating their custom_hotkeys) can inject JavaScript code that executes in other users\u2019 browsers when those users load any page using the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) to the browser and lacks robust CSRF protection on some API endpoints, the injected script may fetch the victim\u2019s API token or call token reset endpoints \u2014 enabling full account takeover and unauthorized API access."}], "source": {"advisory": "GHSA-2mq9-hm29-8qch", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-12T18:10:50.787745Z", "id": "CVE-2026-22033", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T18:12:36.147Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22033", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-12T18:10:50.787745Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-12T18:12:27.696Z"}}], "cna": {"title": "Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field", "source": {"advisory": "GHSA-2mq9-hm29-8qch", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "HumanSignal", "product": "label-studio", "versions": [{"status": "affected", "version": "<= 1.22.0"}]}], "references": [{"url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-2mq9-hm29-8qch", "name": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-2mq9-hm29-8qch", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/HumanSignal/label-studio/pull/9084", "name": "https://github.com/HumanSignal/label-studio/pull/9084", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/HumanSignal/label-studio/commit/ea2462bf042bbf370b79445d02a205fbe547b505", "name": "https://github.com/HumanSignal/label-studio/commit/ea2462bf042bbf370b79445d02a205fbe547b505", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the application. An authenticated attacker (or one who can trick a user/administrator into updating their custom_hotkeys) can inject JavaScript code that executes in other users\u2019 browsers when those users load any page using the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) to the browser and lacks robust CSRF protection on some API endpoints, the injected script may fetch the victim\u2019s API token or call token reset endpoints \u2014 enabling full account takeover and unauthorized API access."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-01-12T17:47:34.060Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22033", "state": "PUBLISHED", "dateUpdated": "2026-01-12T18:12:36.147Z", "dateReserved": "2026-01-05T22:30:38.719Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-01-12T17:47:34.060Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:humansignal:label_studio:*:*:*:*:*:*:*:*", "matchCriteriaId": "F483F4A6-2480-41F3-B530-13FF4F28EE3B", "versionEndIncluding": "1.22.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the application. An authenticated attacker (or one who can trick a user/administrator into updating their custom_hotkeys) can inject JavaScript code that executes in other users\u2019 browsers when those users load any page using the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) to the browser and lacks robust CSRF protection on some API endpoints, the injected script may fetch the victim\u2019s API token or call token reset endpoints \u2014 enabling full account takeover and unauthorized API access."}], "id": "CVE-2026-22033", "lastModified": "2026-01-27T20:39:07.483", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-01-12T18:15:48.837", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/HumanSignal/label-studio/commit/ea2462bf042bbf370b79445d02a205fbe547b505"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking"], "url": "https://github.com/HumanSignal/label-studio/pull/9084"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-2mq9-hm29-8qch"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}, {"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T19:15:51.882589+00:00", "value": {"mitigation_remediation": ["Upgrade Label Studio to the latest released version that resolves the custom_hotkeys XSS vulnerability.", "For environments that cannot be upgraded immediately, clear or sanitize the custom_hotkeys configuration so that it cannot contain executable JavaScript.", "Enable CSRF protection across all token\u2011related API endpoints, especially /api/current-user/token and any token reset routes.", "Restrict access to the token retrieval endpoint by enforcing stricter authentication scopes or moving token retrieval logic to server\u2011side processing only."], "summary": {"action": "Patch Immediately", "impact": "Full Account Takeover"}, "threat_synthesis": {"affected_systems": "The affected product is HumanSignal Label Studio version\u202f1.22.0 and all earlier releases. The description does not specify a patch version, but the vulnerability is limited to these pre\u20111.22.0 releases.", "description_and_impact": "Label Studio 1.22.0 and earlier contains a persistent stored cross\u2011site scripting flaw in the custom_hotkeys configuration field. When an attacker can inject malicious JavaScript through this field\u2014either by authenticating to the system or by persuading a user to modify their hotkeys\u2014the code executes in the browsers of every user who visits any page that renders the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) and does not provide robust CSRF protection on several token\u2011related routes, the injected script can fetch or reset the victim\u2019s API token, granting the attacker full control over the compromised account and unrestricted programmatic access.", "risk_and_exploitability": "The CVSS score of 8.6 indicates a high severity potential. The EPSS score of less than 1% suggests that exploitation in the wild is expected to be rare, and the vulnerability is not listed in CISA\u2019s KEV catalog. The attack vector is browser\u2011based; an attacker only needs to inject the malicious custom_hotkeys payload from an authenticated session or convince a user to do so. Once the payload is present, other users who load pages using the base template are impacted, and the script can exfiltrate API tokens or trigger a reset, enabling full account takeover."}}}}, "created": "2026-01-13T09:27:36.051893+00:00", "updated": "2026-04-18T19:30:08.950063+00:00", "vendors": ["humansignal", "humansignal$PRODUCT$label_studio"]}