CVE-2026-44369

Vulnerability Description

CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add malicious JavaScript code, which will then run in the browser of anyone who opens this annotation guide. This code will be able to make arbitrary requests to CVAT with the victim user's privileges. This vulnerability is fixed in 2.64.0.

Related Weaknesses (CWE)

References

• https://github.com/cvat-ai/cvat/commit/ad9e90003d8234ac7602598b109dc11450321dfc
• https://github.com/cvat-ai/cvat/security/advisories/GHSA-m2h7-6xqm-p9v5

FAQ

What is CVE-2026-44369?

CVE-2026-44369 is a documented vulnerability. CVAT is an open source interactive video and image annotation tool for computer vision. From 2.5.0 to 2.63.0, an attacker who is able to create or edit an annotation guide on a task is able to add mal...

How severe is CVE-2026-44369?

CVSS scoring is not yet available for CVE-2026-44369. Check NVD for updates.

Is there a patch for CVE-2026-44369?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.