Vulnerability Description
Karakeep is a self-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns `readableContentHtml`, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify, but the Reddit path skips both. Since this content ends up in `dangerouslySetInnerHTML` in the reader view, any malicious HTML in the Reddit response gets executed in the user's browser. Version 0.31.0 contains a patch for this issue.
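As an added illustration (not Karakeep's code), the shape of the 0.30.0 defect next to the corrected pipeline: the raw Reddit `readableContentHtml` is chosen per source and then sanitized unconditionally, and the reader-view sink accepts only the sanitized wrapper type. Function and type names are assumed, and the sanitizer is a placeholder so the example runs offline; in the real fix DOMPurify does that work.

```javascript
// Added example, not Karakeep's code; all names are illustrative. One sanitizing
// choke point that every source, Reddit included, passes before the HTML sink.

// Placeholder so the example runs offline: drops only <script> elements and on*
// handler attributes. The real fix calls DOMPurify.sanitize() at this point.
function placeholderSanitizer(html) {
  return html
    .replace(/<script\b[\s\S]*?<\/script\s*>/gi, "")
    .replace(/\s+on[a-z]+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi, "");
}

// Stand-in for the Readability pass that non-Reddit sources go through.
function readability(html) { return html ?? ""; }

// Branded wrapper: only the sanitizing path can construct one, so the reader
// view cannot be handed a raw scraper string by mistake.
const BRAND = Symbol("SafeHtml");
class SafeHtml {
  #html;
  constructor(html, brand) {
    if (brand !== BRAND) throw new Error("SafeHtml must come from the sanitizer");
    this.#html = html;
  }
  toString() { return this.#html; }
}

// Vulnerable shape (0.30.0): the Reddit branch returns readableContentHtml as-is.
function vulnerableExtract(source, payload) {
  if (source === "reddit" && payload.readableContentHtml) return payload.readableContentHtml;
  return placeholderSanitizer(readability(payload.html));
}

// Fixed shape: choose the raw HTML per source, then sanitize unconditionally.
function extractReadableContent(source, payload, sanitize = placeholderSanitizer) {
  const raw = source === "reddit" && payload.readableContentHtml
    ? payload.readableContentHtml
    : readability(payload.html);
  return new SafeHtml(sanitize(raw), BRAND);
}

// The sink: mirrors dangerouslySetInnerHTML, but accepts only SafeHtml.
function renderReaderView(content) {
  if (!(content instanceof SafeHtml)) throw new TypeError("reader view requires SafeHtml");
  return { dangerouslySetInnerHTML: { __html: content.toString() } };
}

// Constructed sample of a hostile Reddit response (not a real capture).
const SAMPLE_REDDIT = {
  readableContentHtml: '<p>post body</p><img src="x" onerror="evil()"><script>evil()</script>',
};
```

A regression test for the fix is the last two functions run over `SAMPLE_REDDIT`: the vulnerable path hands the script through untouched, the fixed path cannot, and the sink refuses a plain string altogether.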
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Localhostlabs | Karakeep | 0.30.0 |
Related Weaknesses (CWE)
References
- https://github.com/karakeep-app/karakeep/commit/ba3db953c0d8675e2e3ecc29113a332b (Patch)
- https://github.com/karakeep-app/karakeep/releases/tag/v0.31.0 (Product, Release Notes)
- https://github.com/karakeep-app/karakeep/security/advisories/GHSA-mg93-f9mw-wpgj (Exploit, Vendor Advisory)
FAQ
What is CVE-2026-27627?
CVE-2026-27627 is a vulnerability with a CVSS score of 8.2 (HIGH). Karakeep is a self-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns `readableContentHtml`, the HTML parsing subprocess uses it directly without running it...
How severe is CVE-2026-27627?
CVE-2026-27627 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-27627?
Check the references section above for vendor advisories and patch information. Affected products include: Localhostlabs Karakeep.