{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28509", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-27T20:57:47.709Z", "datePublished": "2026-03-06T04:16:58.761Z", "dateUpdated": "2026-03-06T16:07:49.499Z"}, "containers": {"cna": {"title": "LangBot has a Cross Site Scripting(XSS) Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/langbot-app/LangBot/security/advisories/GHSA-w8gq-g4pc-xh3h", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/langbot-app/LangBot/security/advisories/GHSA-w8gq-g4pc-xh3h"}, {"name": "https://github.com/langbot-app/LangBot/commit/614621ab7b84fe50da3c6137705cde5a99429866", "tags": ["x_refsource_MISC"], "url": "https://github.com/langbot-app/LangBot/commit/614621ab7b84fe50da3c6137705cde5a99429866"}], "affected": [{"vendor": "langbot-app", "product": "LangBot", "versions": [{"version": "< 4.8.7", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T04:16:58.761Z"}, "descriptions": [{"lang": "en", "value": "LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot\u2019s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7."}], "source": {"advisory": "GHSA-w8gq-g4pc-xh3h", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-06T15:50:37.548729Z", "id": "CVE-2026-28509", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T16:07:49.499Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-28509", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-06T15:50:37.548729Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-06T15:50:38.552Z"}}], "cna": {"title": "LangBot has a Cross Site Scripting(XSS) Vulnerability", "source": {"advisory": "GHSA-w8gq-g4pc-xh3h", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "langbot-app", "product": "LangBot", "versions": [{"status": "affected", "version": "< 4.8.7"}]}], "references": [{"url": "https://github.com/langbot-app/LangBot/security/advisories/GHSA-w8gq-g4pc-xh3h", "name": "https://github.com/langbot-app/LangBot/security/advisories/GHSA-w8gq-g4pc-xh3h", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/langbot-app/LangBot/commit/614621ab7b84fe50da3c6137705cde5a99429866", "name": "https://github.com/langbot-app/LangBot/commit/614621ab7b84fe50da3c6137705cde5a99429866", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot\u2019s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-06T04:16:58.761Z"}}}, "cveMetadata": {"cveId": "CVE-2026-28509", "state": "PUBLISHED", "dateUpdated": "2026-03-06T16:07:49.499Z", "dateReserved": "2026-02-27T20:57:47.709Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-06T04:16:58.761Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:langbot:langbot:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB4F4942-F13E-40BD-8610-7E1244817691", "versionEndExcluding": "4.8.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot\u2019s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7."}, {"lang": "es", "value": "LangBot es una plataforma global de bots de mensajer\u00eda instant\u00e1nea (IM) dise\u00f1ada para LLMs. Antes de la versi\u00f3n 4.8.7, la interfaz de usuario web de LangBot renderiza HTML sin procesar suministrado por el usuario utilizando rehypeRaw, lo que puede llevar a una vulnerabilidad de cross-site scripting (XSS). Este problema ha sido parcheado en la versi\u00f3n 4.8.7."}], "id": "CVE-2026-28509", "lastModified": "2026-03-16T13:35:12.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 4.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-06T05:16:35.590", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/langbot-app/LangBot/commit/614621ab7b84fe50da3c6137705cde5a99429866"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/langbot-app/LangBot/security/advisories/GHSA-w8gq-g4pc-xh3h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.8.7)"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 88.0, "source": "matching"}]}, "original": {"product": "LangBot", "source": "cna", "vendor": "langbot-app"}, "product": "langbot", "vendor": "langbot"}], "analysis": {"en": {"generated_at": "2026-04-17T12:25:46.526622+00:00", "value": {"mitigation_remediation": ["Upgrade LangBot to version 4.8.7 or later to remove the raw HTML rendering capability.", "If an upgrade is not immediately feasible, reconfigure the application to disable the rehypeRaw plugin or enable strict input sanitization before rendering user content.", "Continuously monitor for unsolicited script injections in the UI and audit logs for suspicious activity."], "summary": {"action": "Immediate Patch", "impact": "Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts all installations of LangBot running a version earlier than 4.8.7. The affected product is LangBot from the vendor langbot-app. No specific sub\u2011version ranges are listed beyond the defined cutoff of 4.8.7, so every deployment prior to that release is considered vulnerable.", "description_and_impact": "LangBot, a global IM bot platform for large language models, stores and displays user\u2011supplied content without proper sanitization in its web UI. Prior to version 4.8.7, raw HTML is rendered by the rehypeRaw plugin, allowing a malicious user to inject arbitrary scripts into the page. This forms a cross\u2011site scripting vulnerability that could let an attacker execute code in the browser of any authenticated or unauthenticated user who views the affected page, leading to theft of session tokens, defacement, or other browser\u2011based attacks. The weakness aligns with CWE\u201179, which describes improper neutralization of code in user data.", "risk_and_exploitability": "The CVSS score of 6.3 indicates a moderate severity rating, and the EPSS score of less than 1% suggests exploitation probability is currently low. The vulnerability is not listed in the CISA KEV catalog, implying it has not yet been widely exploited in the wild. Attackers would likely inject a malicious HTML payload via any input field that the bot platform renders, and the injected script would execute in the context of the user\u2019s browser. Because the vulnerability is limited to client\u2011side execution without privileging, the impact is confined to user session compromise rather than full system compromise."}}}}, "created": "2026-03-06T14:55:53.866478+00:00", "updated": "2026-04-17T12:30:06.268771+00:00", "vendors": ["langbot", "langbot$PRODUCT$langbot"]}