{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33664", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-23T15:23:42.220Z", "datePublished": "2026-03-26T21:13:12.467Z", "dateUpdated": "2026-03-27T13:55:17.704Z"}, "containers": {"cna": {"title": "Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "lang": "en", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/kestra-io/kestra/security/advisories/GHSA-v2mc-8q95-g7hp", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kestra-io/kestra/security/advisories/GHSA-v2mc-8q95-g7hp"}], "affected": [{"vendor": "kestra-io", "product": "kestra", "versions": [{"version": "<= 1.3.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T21:13:12.467Z"}, "descriptions": [{"lang": "en", "value": "Kestra is an open-source, event-driven orchestration platform Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields \u2014 description, inputs[].displayName, inputs[].description \u2014 through the Markdown.vue component instantiated with html: true. The resulting HTML is injected into the DOM via Vue's v-html without any sanitization. This allows a flow author to embed arbitrary JavaScript that executes in the browser of any user who views or interacts with the flow. This is distinct from GHSA-r36c-83hm-pc8j / CVE-2026-29082, which covers only FilePreview.vue rendering .md files from execution outputs. The present finding affects different components, different data sources, and requires significantly less user interaction (zero-click for input.displayName). As of time of publication, it is unclear if a patch is available."}], "source": {"advisory": "GHSA-v2mc-8q95-g7hp", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/kestra-io/kestra/security/advisories/GHSA-v2mc-8q95-g7hp", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T13:32:52.598480Z", "id": "CVE-2026-33664", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T13:55:17.704Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33664", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-27T13:32:52.598480Z"}}}], "references": [{"url": "https://github.com/kestra-io/kestra/security/advisories/GHSA-v2mc-8q95-g7hp", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T13:32:44.415Z"}}], "cna": {"title": "Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields", "source": {"advisory": "GHSA-v2mc-8q95-g7hp", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "kestra-io", "product": "kestra", "versions": [{"status": "affected", "version": "<= 1.3.3"}]}], "references": [{"url": "https://github.com/kestra-io/kestra/security/advisories/GHSA-v2mc-8q95-g7hp", "name": "https://github.com/kestra-io/kestra/security/advisories/GHSA-v2mc-8q95-g7hp", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Kestra is an open-source, event-driven orchestration platform Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields \u2014 description, inputs[].displayName, inputs[].description \u2014 through the Markdown.vue component instantiated with html: true. The resulting HTML is injected into the DOM via Vue's v-html without any sanitization. This allows a flow author to embed arbitrary JavaScript that executes in the browser of any user who views or interacts with the flow. This is distinct from GHSA-r36c-83hm-pc8j / CVE-2026-29082, which covers only FilePreview.vue rendering .md files from execution outputs. The present finding affects different components, different data sources, and requires significantly less user interaction (zero-click for input.displayName). As of time of publication, it is unclear if a patch is available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-26T21:13:12.467Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33664", "state": "PUBLISHED", "dateUpdated": "2026-03-27T13:55:17.704Z", "dateReserved": "2026-03-23T15:23:42.220Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-26T21:13:12.467Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kestra:kestra:*:*:*:*:*:*:*:*", "matchCriteriaId": "607D5BF1-96C9-4F37-B94C-EA1A224FAFAD", "versionEndIncluding": "1.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Kestra is an open-source, event-driven orchestration platform Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields \u2014 description, inputs[].displayName, inputs[].description \u2014 through the Markdown.vue component instantiated with html: true. The resulting HTML is injected into the DOM via Vue's v-html without any sanitization. This allows a flow author to embed arbitrary JavaScript that executes in the browser of any user who views or interacts with the flow. This is distinct from GHSA-r36c-83hm-pc8j / CVE-2026-29082, which covers only FilePreview.vue rendering .md files from execution outputs. The present finding affects different components, different data sources, and requires significantly less user interaction (zero-click for input.displayName). As of time of publication, it is unclear if a patch is available."}, {"lang": "es", "value": "Kestra es una plataforma de orquestaci\u00f3n de c\u00f3digo abierto impulsada por eventos. Las versiones hasta la 1.3.3 inclusive renderizan los campos de metadatos YAML de flujo proporcionados por el usuario \u2014 description, inputs[].displayName, inputs[].description \u2014 a trav\u00e9s del componente Markdown.vue instanciado con html: true. El HTML resultante se inyecta en el DOM a trav\u00e9s de v-html de Vue sin ninguna sanitizaci\u00f3n. Esto permite a un autor de flujo incrustar JavaScript arbitrario que se ejecuta en el navegador de cualquier usuario que vea o interact\u00fae con el flujo. Esto es distinto de GHSA-r36c-83hm-pc8j / CVE-2026-29082, que cubre solo la renderizaci\u00f3n de archivos .md por FilePreview.vue a partir de las salidas de ejecuci\u00f3n. El hallazgo actual afecta a diferentes componentes, diferentes fuentes de datos y requiere significativamente menos interacci\u00f3n del usuario (cero clics para input.displayName). Al momento de la publicaci\u00f3n, no est\u00e1 claro si hay un parche disponible."}], "id": "CVE-2026-33664", "lastModified": "2026-03-31T01:48:34.413", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-26T22:16:29.727", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/kestra-io/kestra/security/advisories/GHSA-v2mc-8q95-g7hp"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Mitigation", "Vendor Advisory"], "url": "https://github.com/kestra-io/kestra/security/advisories/GHSA-v2mc-8q95-g7hp"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.3.3]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "kestra", "source": "cna", "vendor": "kestra-io"}, "product": "kestra", "vendor": "kestra-io"}], "analysis": {"en": {"generated_at": "2026-03-31T06:06:29.604403+00:00", "value": {"mitigation_remediation": ["Apply any available Kestra patch or upgrade to a version newer than\u202f1.3.3 that removes the unsanitized rendering", "If no patch is released, disable the html option in the Markdown.vue component or manually sanitize the submitted YAML fields before rendering", "Restrict flow creation and editing privileges to trusted users only to limit who can inject malicious content", "Deploy a strict Content Security Policy on the Kestra web interface to mitigate the impact of any script execution", "Monitor application logs and user activity for signs of malicious script injection or execution"], "summary": {"action": "Patch", "impact": "Stored cross\u2011site scripting that allows arbitrary JavaScript execution in the Kestra web interface"}, "threat_synthesis": {"affected_systems": "This vulnerability exists in all releases of Kestra up to and including version\u202f1.3.3 issued by kestra\u2011io, affecting the Markdown.vue renderer used for flow metadata fields such as description, inputs[].displayName, and inputs[].description.", "description_and_impact": "Kestra renders user\u2011supplied metadata from flow YAML files through a Markdown component with HTML enabled. The rendered content is directly injected into the page via Vue's v\u2011html directive without sanitization, allowing a flow author to embed malicious JavaScript. When any user views or interacts with the affected flow, the script executes in that user's browser, potentially stealing credentials or executing further actions.", "risk_and_exploitability": "The flaw carries a CVSS score of\u202f7.3, indicating high severity, while its EPSS score is below\u202f1\u202f% and it is not listed in the CISA KEV catalog, pointing to low probability of widespread exploitation. Nonetheless, the attack does not require any interaction from the victim beyond opening the flow, as the payload is stored and executed automatically. An attacker who can author or modify flows can leverage this to run arbitrary JavaScript in the context of any viewer\u2019s session."}}}}, "created": "2026-03-27T08:31:47.483084+00:00", "updated": "2026-03-31T20:01:28.067719+00:00", "vendors": ["kestra-io", "kestra-io$PRODUCT$kestra"]}