CVE-2026-22033
Persistent XSS in Label Studio Custom Hotkeys Enables Account Takeover

Publication date: 2026-01-12

Last updated on: 2026-01-12

Assigner: GitHub, Inc.

Description
Label Studio is a multi-type data labeling and annotation tool. In 1.22.0 and earlier, a persistent stored cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the application. An authenticated attacker (or one who can trick a user/administrator into updating their custom_hotkeys) can inject JavaScript code that executes in other users' browsers when those users load any page using the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) to the browser and lacks robust CSRF protection on some API endpoints, the injected script may fetch the victim's API token or call token reset endpoints, enabling full account takeover and unauthorized API access.
Meta Information
Published: 2026-01-12
Last Modified: 2026-01-12
Generated: 2026-05-07
AI Q&A: 2026-01-13
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor        Product        Version / Range
humansignal   label_studio   1.22.0
humansignal   label_studio   1.21.0
CWE ID    Description
CWE-79    The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-284   The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows an attacker to perform full account takeover and unauthorized API access by stealing API tokens via injected scripts. This can lead to unauthorized access to sensitive user data and potentially compromise user privacy and data integrity. Such unauthorized access and data breaches can result in non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches. [2]


Can you explain this vulnerability to me?

CVE-2026-22033 is a stored cross-site scripting (XSS) vulnerability in Label Studio's custom_hotkeys feature. An authenticated attacker can inject malicious JavaScript code into the custom_hotkeys field, which is then unsafely rendered in the application's base HTML template. When other users load pages using this template, the injected script executes in their browsers. This script can access sensitive API token endpoints and perform unauthorized actions, potentially leading to full account takeover and unauthorized API access. [2]


How can this vulnerability impact me?

This vulnerability can lead to full compromise of user accounts by allowing attackers to steal API tokens and perform unauthorized API calls. It enables attackers to execute arbitrary JavaScript in other users' browsers, potentially resetting tokens and escalating privileges. If administrators are affected, it could result in system-wide compromise. The attack requires only low privileges and no user interaction beyond loading a vulnerable page. [2]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves identifying whether malicious JavaScript has been injected into the `custom_hotkeys` user profile field and is executing in users' browsers. One approach is to inspect the `custom_hotkeys` field for suspicious script tags or payloads by querying the API endpoint `/api/users/{id}/` for user data. Additionally, monitoring HTTP requests to pages using the `templates/base.html` template (e.g., `/user/account/`) for unexpected script execution or unusual API token requests to `/api/current-user/token` can help detect exploitation. Commands to detect injection might include using curl or similar tools to fetch and inspect user data, for example:

1. Identify the user ID: `curl -X GET -H 'Authorization: Bearer <token>' https://<label-studio-host>/api/current-user/whoami`
2. Fetch the user profile: `curl -X GET -H 'Authorization: Bearer <token>' https://<label-studio-host>/api/users/{id}/` and check the `custom_hotkeys` field for suspicious content.
3. Monitor browser console logs or network traffic for unexpected calls to `/api/current-user/token` or script errors.

However, no specific detection scripts or commands are provided in the resources. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

1. Apply the patch that properly sanitizes and escapes the `custom_hotkeys` input before rendering, as implemented in the fix merged on December 29, 2025 (commit `c4839fc`), which escapes `<` and `>` characters and applies JSON serialization to prevent script injection.
2. Restrict or disable the ability for users to update their `custom_hotkeys` until the patch is applied.
3. Monitor and audit user profiles for suspicious `custom_hotkeys` entries and remove any malicious payloads.
4. Enhance CSRF protections on API endpoints, especially those related to user profile updates and token management.
5. Educate users and administrators about the risk of loading pages with vulnerable templates and the importance of applying updates promptly.

Since no patched versions were available at the time of the advisory, applying the fix from the referenced commit or upgrading to a version including this fix is critical. [1, 3, 2]
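The following Python is an added illustration, not code from Label Studio, the advisory or the referenced commit. It contrasts the unsafe pattern of dropping serialized `custom_hotkeys` straight into a `<script>` block with a hardened serializer that JSON-encodes the value and then replaces `<`, `>` and `&` with `\uXXXX` escapes, the same idea as the fix described in step 1, and adds an audit helper for step 3 that flags stored values containing markup characters. The user records, the `APP_SETTINGS` variable name and the script wrapper are constructed assumptions, not Label Studio's actual data or template.

```python
import json

# Constructed sample user records (not real Label Studio data). In the application
# the custom_hotkeys value ends up embedded in a <script> block of base.html.
SAMPLE_USERS = [
    {"id": 1, "email": "alice@example.invalid",
     "custom_hotkeys": {"annotation:submit": "ctrl+enter"}},
    {"id": 2, "email": "mallory@example.invalid",
     "custom_hotkeys": {"annotation:submit": "</script><script>alert(1)</script>"}},
    {"id": 3, "email": "bob@example.invalid", "custom_hotkeys": {}},
]

# Characters that can close the surrounding <script> element or break JS parsing,
# mapped to JSON/JS unicode escapes. The escaped text is still valid JSON and JS.
_SCRIPT_SAFE_ESCAPES = {
    "<": "\\u003c",
    ">": "\\u003e",
    "&": "\\u0026",
    "\u2028": "\\u2028",
    "\u2029": "\\u2029",
}

# Assumed wrapper; the real template's variable name is not part of this example.
_WRAPPER = '<script>window.APP_SETTINGS = {"custom_hotkeys": %s};</script>'


def unsafe_script_embed(hotkeys):
    """Vulnerable pattern (shown only for contrast): json.dumps() does not escape
    '<' or '>', so a hotkey string containing '</script>' terminates the script
    element early and the rest of the string is parsed as page markup."""
    return _WRAPPER % json.dumps(hotkeys)


def script_safe_json(value):
    """JSON-serialize, then escape the characters that matter inside <script>.
    The browser's JSON/JS parser turns \\u003c back into '<' in memory, but the
    HTML parser never sees a literal tag, so the string cannot break out."""
    text = json.dumps(value)
    for ch, esc in _SCRIPT_SAFE_ESCAPES.items():
        text = text.replace(ch, esc)
    return text


def safe_script_embed(hotkeys):
    """Hardened pattern: same wrapper, script-safe serialization."""
    return _WRAPPER % script_safe_json(hotkeys)


def audit_custom_hotkeys(users):
    """Return the ids of users whose stored custom_hotkeys contain '<' or '>'.
    A legitimate hotkey binding such as 'ctrl+enter' never needs either
    character, so any hit is worth a manual look (mitigation step 3)."""
    flagged = []
    for user in users:
        serialized = json.dumps(user.get("custom_hotkeys") or {})
        if "<" in serialized or ">" in serialized:
            flagged.append(user["id"])
    return flagged


if __name__ == "__main__":
    payload = SAMPLE_USERS[1]["custom_hotkeys"]
    print("unsafe:", unsafe_script_embed(payload))
    print("safe:  ", safe_script_embed(payload))
    print("flagged user ids:", audit_custom_hotkeys(SAMPLE_USERS))
```

Running the block prints the two renderings side by side: the unsafe one contains three `</script>` sequences (the wrapper's plus two from the stored value), the safe one exactly one, while `json.loads()` of the escaped text still yields the original dictionary. The audit function is the kind of check to run over `/api/users/{id}/` output before and after applying the patch.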

