CNNVD-202511-2019 Information
Nov 18, 2025
cve
CNNVD ID
CNNVD-202511-2019
Related CVE
- CNNVD Published: 2025-11-18
Description (Chinese)
Cinnamon kotaemon是Cinnamon开源的一个基于RAG的开源工具。 Cinnamon kotaemon 0.11.0版本存在安全漏洞,该漏洞源于跨站脚本,可能导致执行任意代码。
Description (English)
Cinnamon Kotaemon is an RAG-based open source tool for Cinnamon. Version 0.11.0 of Cinnamon Kotaemon has a security loophole, which originated in a cross-site script and could lead to the implementation of any code.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Cinnamon
Published
2025-11-18
Last Modified
2026-02-24
References
https://github.com/Cinnamon/kotaemon https://skinny-exoplanet-584.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-22cd1563bd3380458588eb49f361a363 https://github.com/Cinnamon/kotaemon/commit/37cdc28 https://github.com/HanTul/Kotaemon-CVE-2025-56526-56527-disclosure https://access.redhat.com/security/cve/cve-2025-56526
Share on: