Compliance Impact

The vulnerability allows attackers to execute arbitrary scripts in users' browsers by uploading malicious HTML or script content as artifacts, leading to session compromise and credential theft.

Such security issues can impact compliance with standards like GDPR and HIPAA, which require protection of user data and prevention of unauthorized access or data breaches.

By enabling session compromise and credential theft, this vulnerability could lead to unauthorized access to personal or sensitive information, potentially violating data protection regulations.

The fix implemented forces downloads of active web content artifact MIME types to prevent inline script execution, thereby mitigating the risk and helping maintain compliance with security requirements of these standards.

Useful 0 Not Useful 0

Executive Summary

CVE-2026-32859 is a stored cross-site scripting (XSS) vulnerability in ByteDance Deer-Flow versions prior to commit 5dbb362. It exists in the artifacts API, where attackers can upload malicious HTML or script content as artifacts. When users view these artifacts, the malicious scripts execute in their browser context, potentially compromising user sessions, stealing credentials, and allowing arbitrary script execution.

The vulnerability arises because the artifacts API previously served active web content files (such as HTML, XHTML, and SVG) inline in the browser, enabling script execution. The fix forces these active content types to be downloaded as attachments rather than rendered inline, preventing the execution of malicious scripts.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing attackers to execute arbitrary scripts in your browser when you view malicious artifacts. This can lead to session compromise, credential theft, and unauthorized actions performed on your behalf within the application.

Because the malicious content executes in the browser context, attackers can hijack user sessions or steal sensitive information, potentially leading to further exploitation or unauthorized access.

Useful 0 Not Useful 0

Detection Guidance

Detection of CVE-2026-32859 involves identifying if the artifacts API is serving active web content types (such as HTML, XHTML, or SVG) inline rather than forcing downloads, which could allow stored XSS attacks.

One approach is to monitor HTTP responses from the artifacts API endpoint (/threads/{thread_id}/artifacts/{path:path}) and check the Content-Disposition header. If active content types are served inline (without Content-Disposition: attachment), the system is vulnerable.

Suggested commands to detect this behavior could include using curl or similar tools to request artifact files and inspect headers:

• curl -I https://your-deerflow-instance/threads/{thread_id}/artifacts/{artifact_path}
• Check the response headers for Content-Disposition. If missing or not set to 'attachment' for HTML, XHTML, or SVG files, the vulnerability may be present.
• Additionally, scanning uploaded artifacts for suspicious HTML or script content can help detect malicious payloads.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate CVE-2026-32859, immediately update ByteDance Deer-Flow to include the fix introduced in commit 5dbb362 or later.

The fix enforces that active web content MIME types (text/html, application/xhtml+xml, image/svg+xml) are served as downloadable attachments rather than inline, preventing script execution in the browser.

If updating is not immediately possible, as a temporary measure, configure the artifact delivery mechanism or web server to force downloads for these MIME types by setting the Content-Disposition header to 'attachment'.

Also, review and restrict artifact uploads to disallow or sanitize HTML and script content to reduce risk.

Useful 0 Not Useful 0