CNNVD-202511-2018 Information

CNNVD ID

CNNVD-202511-2018

Related CVE

CVE-2025-56527

• CNNVD Published: 2025-11-18

Description (Chinese)

Cinnamon kotaemon是Cinnamon开源的一个基于RAG的开源工具。 Cinnamon kotaemon 0.11.0版本存在安全漏洞，该漏洞源于客户端localStorage中存储明文密码。

Description (English)

Cinnamon Kotaemon is an RAG-based open source tool for Cinnamon. Version 0.11.0 of Cinnamon Kotaemon contains a security loophole, which originates from the storage of the specified password in the localStorage of the client.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Cinnamon

Published

2025-11-18

Last Modified

2026-02-24

References

https://github.com/Cinnamon/kotaemon https://github.com/Cinnamon/kotaemon/commit/37cdc28 https://skinny-exoplanet-584.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-22cd1563bd3380458588eb49f361a363?pvs=74 https://github.com/HanTul/Kotaemon-CVE-2025-56526-56527-disclosure https://access.redhat.com/security/cve/cve-2025-56527