CNNVD-202601-3339 Information
CNNVD ID
CNNVD-202601-3339
Related CVE
-
CNNVD Published: 2026-01-21
Description (English)
CVAT.ai CVAT is an open-source data processing tool from CVAT.ai. CVAT.ai CVAT versions 2.2.0 through 2.54.0 contain a security vulnerability: an attacker can execute arbitrary JavaScript in a victim user's CVAT UI session, which may give the attacker temporary access to all CVAT resources that the victim user can access.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
CVAT.ai
Published
2026-01-21
Last Modified
2026-02-24
References
https://github.com/cvat-ai/cvat/security/advisories/GHSA-3m7p-wx65-c7mp
https://github.com/cvat-ai/cvat/commit/40800707fe39e3ff76c8d036eb953eb12d764e70
https://access.redhat.com/security/cve/cve-2026-23516
Patch
https://github.com/cvat-ai/cvat/releases