{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25516", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-02T18:21:42.487Z", "datePublished": "2026-02-06T21:12:19.501Z", "dateUpdated": "2026-02-09T15:27:15.351Z"}, "containers": {"cna": {"title": "NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282"}, {"name": "https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561", "tags": ["x_refsource_MISC"], "url": "https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561"}], "affected": [{"vendor": "zauberzeug", "product": "nicegui", "versions": [{"version": "< 3.7.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T21:12:19.501Z"}, "descriptions": [{"lang": "en", "value": "NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown(), an attacker can inject malicious HTML containing JavaScript event handlers. Unlike other NiceGUI components that render HTML (ui.html(), ui.chat_message(), ui.interactive_image()), the ui.markdown() component does not provide or require a sanitize parameter, leaving applications vulnerable to XSS attacks. This vulnerability is fixed in 3.7.0."}], "source": {"advisory": "GHSA-v82v-c5x8-w282", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-09T15:19:21.019601Z", "id": "CVE-2026-25516", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:27:15.351Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25516", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-09T15:19:21.019601Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-09T15:19:21.745Z"}}], "cna": {"title": "NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content", "source": {"advisory": "GHSA-v82v-c5x8-w282", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "zauberzeug", "product": "nicegui", "versions": [{"status": "affected", "version": "< 3.7.0"}]}], "references": [{"url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282", "name": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561", "name": "https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown(), an attacker can inject malicious HTML containing JavaScript event handlers. Unlike other NiceGUI components that render HTML (ui.html(), ui.chat_message(), ui.interactive_image()), the ui.markdown() component does not provide or require a sanitize parameter, leaving applications vulnerable to XSS attacks. This vulnerability is fixed in 3.7.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-06T21:12:19.501Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25516", "state": "PUBLISHED", "dateUpdated": "2026-02-09T15:27:15.351Z", "dateReserved": "2026-02-02T18:21:42.487Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-06T21:12:19.501Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zauberzeug:nicegui:*:*:*:*:*:*:*:*", "matchCriteriaId": "68362D51-C57A-4D2E-A22C-8BAA68A4CBD2", "versionEndExcluding": "3.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown(), an attacker can inject malicious HTML containing JavaScript event handlers. Unlike other NiceGUI components that render HTML (ui.html(), ui.chat_message(), ui.interactive_image()), the ui.markdown() component does not provide or require a sanitize parameter, leaving applications vulnerable to XSS attacks. This vulnerability is fixed in 3.7.0."}, {"lang": "es", "value": "NiceGUI es un framework de interfaz de usuario (UI) basado en Python. El componente ui.markdown() utiliza la biblioteca markdown2 para convertir contenido markdown a HTML, que luego se renderiza a trav\u00e9s de innerHTML. Por defecto, markdown2 permite que el HTML sin procesar pase sin cambios. Esto significa que si una aplicaci\u00f3n renderiza contenido controlado por el usuario a trav\u00e9s de ui.markdown(), un atacante puede inyectar HTML malicioso que contenga manejadores de eventos de JavaScript. A diferencia de otros componentes de NiceGUI que renderizan HTML (ui.html(), ui.chat_message(), ui.interactive_image()), el componente ui.markdown() no proporciona ni requiere un par\u00e1metro de saneamiento, dejando las aplicaciones vulnerables a ataques XSS. Esta vulnerabilidad se corrige en la versi\u00f3n 3.7.0."}], "id": "CVE-2026-25516", "lastModified": "2026-02-20T15:43:23.177", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-06T22:16:11.300", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/zauberzeug/nicegui/commit/f1f7533577875af7d23f161ed3627f73584cb561"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/zauberzeug/nicegui/security/advisories/GHSA-v82v-c5x8-w282"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-17T22:23:43.503331+00:00", "value": {"mitigation_remediation": ["Upgrade NiceGUI to version 3.7.0 or later, which removes the raw\u2011HTML handling in ui.markdown().", "If an upgrade is not immediately possible, ensure that any user input sent to ui.markdown() is first sanitized to strip or encode raw HTML tags before rendering.", "Apply a restrictive Content Security Policy that disallows inline scripts and event handlers to mitigate the impact of any remaining XSS payloads."], "summary": {"action": "Patch", "impact": "Cross\u2011Site Scripting that allows arbitrary JavaScript execution"}, "threat_synthesis": {"affected_systems": "The flaw exists in all versions of the NiceGUI Python UI framework released before the 3.7.0 update. Any deployment that accepts or displays Markdown input via ui.markdown() is affected.", "description_and_impact": "NiceGUI\u2019s ui.markdown() component converts Markdown to HTML with markdown2, which permits raw HTML to pass through unchanged. When an application renders user\u2011controlled content via ui.markdown(), an attacker can embed malicious HTML containing JavaScript event handlers. The resulting vulnerability is a classic XSS flaw (CWE\u201179) that lets attackers execute arbitrary code in the victim\u2019s browser, potentially stealing data or hijacking sessions.", "risk_and_exploitability": "The CVSS score of 6.1 indicates a moderate severity. EPSS shows a probability of exploitation below 1\u202f%, suggesting attacks are not yet common, and the vulnerability is not listed in the CISA KEV catalog. Attackers can exploit this vector by providing malicious Markdown content through any user\u2011input channel that the application forwards to ui.markdown(). The described attack surface is inferred from the fact that user input is passed directly to the component; no additional privileges or network access are required."}}}}, "created": "2026-02-09T10:49:50.591155+00:00", "updated": "2026-04-17T22:30:29.593420+00:00", "vendors": ["zauberzeug", "zauberzeug$PRODUCT$nicegui"]}