Executive Summary

CVE-2026-22033 is a stored cross-site scripting (XSS) vulnerability in Label Studio's custom_hotkeys feature. An authenticated attacker can inject malicious JavaScript code into the custom_hotkeys field, which is then unsafely rendered in the application's base HTML template. When other users load pages using this template, the injected script executes in their browsers. This script can access sensitive API token endpoints and perform unauthorized actions, potentially leading to full account takeover and unauthorized API access. [2]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to full compromise of user accounts by allowing attackers to steal API tokens and perform unauthorized API calls. It enables attackers to execute arbitrary JavaScript in other users' browsers, potentially resetting tokens and escalating privileges. If administrators are affected, it could result in system-wide compromise. The attack requires only low privileges and no user interaction beyond loading a vulnerable page. [2]

Useful 0 Not Useful 0

Detection Guidance

Detection involves identifying if malicious JavaScript code has been injected into the `custom_hotkeys` user profile field and is executing in users' browsers. One approach is to inspect the `custom_hotkeys` field for suspicious script tags or payloads by querying the API endpoint `/api/users/{id}/` for user data. Additionally, monitoring HTTP requests to pages using the `templates/base.html` template (e.g., `/user/account/`) for unexpected script execution or unusual API token requests to `/api/current-user/token` can help detect exploitation. Commands to detect injection might include using curl or similar tools to fetch and inspect user data, for example: 1. Identify user ID: `curl -X GET -H 'Authorization: Bearer <token>' https://<label-studio-host>/api/current-user/whoami` 2. Fetch user profile: `curl -X GET -H 'Authorization: Bearer <token>' https://<label-studio-host>/api/users/{id}/` and check the `custom_hotkeys` field for suspicious content. 3. Monitor browser console logs or network traffic for unexpected calls to `/api/current-user/token` or script errors. However, no specific detection scripts or commands are provided in the resources. [2]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include: 1. Apply the patch that properly sanitizes and escapes the `custom_hotkeys` input before rendering, as implemented in the fix merged on December 29, 2025 (commit `c4839fc`), which escapes `<` and `>` characters and applies JSON serialization to prevent script injection. 2. Restrict or disable the ability for users to update their `custom_hotkeys` until the patch is applied. 3. Monitor and audit user profiles for suspicious `custom_hotkeys` entries and remove any malicious payloads. 4. Enhance CSRF protections on API endpoints, especially those related to user profile updates and token management. 5. Educate users and administrators about the risk of loading pages with vulnerable templates and the importance of applying updates promptly. Since no patched versions were available at the time of the advisory, applying the fix from the referenced commit or upgrading to a version including this fix is critical. [1, 3, 2]

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows an attacker to perform full account takeover and unauthorized API access by stealing API tokens via injected scripts. This can lead to unauthorized access to sensitive user data and potentially compromise user privacy and data integrity. Such unauthorized access and data breaches can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches. [2]

Useful 0 Not Useful 0