CVE-2026-5625
Received Received - Intake
Cross-Site Scripting in assafelovic GPT-Researcher WebSocket Interface

Publication date: 2026-04-06

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in assafelovic gpt-researcher up to 3.4.3. This issue affects some unknown processing of the file gpt_researcher/skills/researcher.py of the component WebSocket Interface. Executing a manipulation of the argument task can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-06
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-5625
EUVD
EUVD-2026-19178
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
assafelovic gpt_researcher to 3.4.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5625 is a Reflected Cross-Site Scripting (XSS) vulnerability found in GPT Researcher versions 3.4.3 and earlier. It occurs because the backend server includes user-supplied input (the research task name) directly into WebSocket log messages without any HTML encoding or sanitization.

These log messages are then rendered on the frontend using JavaScript's innerHTML property without sanitization, allowing malicious HTML or JavaScript code to execute in the user's browser.

An attacker can exploit this by submitting a research task containing malicious code, which gets embedded in log messages and executed when displayed, leading to script execution in the context of the application.

Impact Analysis

This vulnerability can lead to several security impacts including:

  • Self-XSS attacks where users are tricked into inputting malicious queries.
  • Session hijacking by executing scripts in the application's origin context, potentially allowing attackers to access cookies, localStorage, and manipulate the DOM.
  • Multiple injection points exist, meaning the malicious script can execute multiple times per research session.
Detection Guidance

This vulnerability can be detected by testing the WebSocket interface of GPT Researcher versions 3.4.3 and earlier for reflected cross-site scripting (XSS) via the research task name input.

A practical detection method is to submit a research task containing a known XSS payload, such as <img src=x onerror=alert(document.domain)>, and observe if the alert is triggered in the browser.

Since the vulnerability involves WebSocket log messages embedding unsanitized user input, monitoring WebSocket traffic for suspicious payloads or injected HTML/JavaScript in the messages can help detect exploitation attempts.

Suggested commands or steps include:

  • Use browser developer tools to monitor WebSocket messages for injected HTML or JavaScript.
  • Run the GPT Researcher application locally and input a test payload like `<img src=x onerror=alert(document.domain)>` in the research task input to see if an alert pops up.
  • Use network traffic capture tools (e.g., Wireshark or tcpdump) to capture WebSocket frames and inspect them for unsanitized user input.
Mitigation Strategies

Immediate mitigation steps include sanitizing or escaping user input before it is embedded in WebSocket log messages and preventing unsafe HTML rendering on the frontend.

  • On the backend, apply HTML escaping to the task name input using Python’s html.escape() function before including it in log messages.
  • On the frontend, replace usage of innerHTML with textContent when rendering WebSocket log messages to avoid executing embedded scripts.
  • Alternatively, sanitize the HTML content using a library such as DOMPurify before inserting it into the DOM.

Until a patch is available, avoid entering untrusted or suspicious input in the research task field to reduce risk of exploitation.

Compliance Impact

The vulnerability described is a Reflected Cross-Site Scripting (XSS) issue that allows execution of arbitrary JavaScript in the context of the GPT Researcher web interface. This can lead to session hijacking and unauthorized access to sensitive data stored in cookies or local storage.

Such security weaknesses can impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches. The ability for an attacker to execute scripts and potentially access user session data or manipulate the application could lead to data breaches or unauthorized disclosure of personal information.

Therefore, this vulnerability poses a risk to maintaining the confidentiality and integrity of user data, which are core requirements in many regulatory frameworks. Organizations using the affected software should address this issue promptly to avoid non-compliance risks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5625. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart