CVE-2026-32859
Stored XSS in ByteDance Deer-Flow Artifacts API Enables Session Hijack
Publication date: 2026-03-27
Last updated on: 2026-03-27
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bytedance | deer-flow | to 5dbb362 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-32859 is a stored cross-site scripting (XSS) vulnerability in ByteDance Deer-Flow versions prior to commit 5dbb362. It exists in the artifacts API, where attackers can upload malicious HTML or script content as artifacts. When users view these artifacts, the malicious scripts execute in their browser context, potentially compromising user sessions, stealing credentials, and allowing arbitrary script execution.
The vulnerability arises because the artifacts API previously served active web content files (such as HTML, XHTML, and SVG) inline in the browser, enabling script execution. The fix forces these active content types to be downloaded as attachments rather than rendered inline, preventing the execution of malicious scripts.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute arbitrary scripts in your browser when you view malicious artifacts. This can lead to session compromise, credential theft, and unauthorized actions performed on your behalf within the application.
Because the malicious content executes in the browser context, attackers can hijack user sessions or steal sensitive information, potentially leading to further exploitation or unauthorized access.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of CVE-2026-32859 involves identifying if the artifacts API is serving active web content types (such as HTML, XHTML, or SVG) inline rather than forcing downloads, which could allow stored XSS attacks.
One approach is to monitor HTTP responses from the artifacts API endpoint (/threads/{thread_id}/artifacts/{path:path}) and check the Content-Disposition header. If active content types are served inline (without Content-Disposition: attachment), the system is vulnerable.
Suggested commands to detect this behavior could include using curl or similar tools to request artifact files and inspect headers:
- curl -I https://your-deerflow-instance/threads/{thread_id}/artifacts/{artifact_path}
- Check the response headers for Content-Disposition. If missing or not set to 'attachment' for HTML, XHTML, or SVG files, the vulnerability may be present.
- Additionally, scanning uploaded artifacts for suspicious HTML or script content can help detect malicious payloads.
What immediate steps should I take to mitigate this vulnerability?
To mitigate CVE-2026-32859, immediately update ByteDance Deer-Flow to include the fix introduced in commit 5dbb362 or later.
The fix enforces that active web content MIME types (text/html, application/xhtml+xml, image/svg+xml) are served as downloadable attachments rather than inline, preventing script execution in the browser.
If updating is not immediately possible, as a temporary measure, configure the artifact delivery mechanism or web server to force downloads for these MIME types by setting the Content-Disposition header to 'attachment'.
Also, review and restrict artifact uploads to disallow or sanitize HTML and script content to reduce risk.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers to execute arbitrary scripts in users' browsers by uploading malicious HTML or script content as artifacts, leading to session compromise and credential theft.
Such security issues can impact compliance with standards like GDPR and HIPAA, which require protection of user data and prevention of unauthorized access or data breaches.
By enabling session compromise and credential theft, this vulnerability could lead to unauthorized access to personal or sensitive information, potentially violating data protection regulations.
The fix implemented forces downloads of active web content artifact MIME types to prevent inline script execution, thereby mitigating the risk and helping maintain compliance with security requirements of these standards.