CVE-2026-5625
Cross-Site Scripting in assafelovic GPT-Researcher WebSocket Interface
Publication date: 2026-04-06
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| assafelovic | gpt_researcher | to 3.4.3 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5625 is a Reflected Cross-Site Scripting (XSS) vulnerability found in GPT Researcher versions 3.4.3 and earlier. It occurs because the backend server includes user-supplied input (the research task name) directly into WebSocket log messages without any HTML encoding or sanitization.
These log messages are then rendered on the frontend using JavaScript's innerHTML property without sanitization, allowing malicious HTML or JavaScript code to execute in the user's browser.
An attacker can exploit this by submitting a research task containing malicious code, which gets embedded in log messages and executed when displayed, leading to script execution in the context of the application.
How can this vulnerability impact me? :
This vulnerability can lead to several security impacts including:
- Self-XSS attacks where users are tricked into inputting malicious queries.
- Session hijacking by executing scripts in the application's origin context, potentially allowing attackers to access cookies, localStorage, and manipulate the DOM.
- Multiple injection points exist, meaning the malicious script can execute multiple times per research session.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the WebSocket interface of GPT Researcher versions 3.4.3 and earlier for reflected cross-site scripting (XSS) via the research task name input.
A practical detection method is to submit a research task containing a known XSS payload, such as <img src=x onerror=alert(document.domain)>, and observe if the alert is triggered in the browser.
Since the vulnerability involves WebSocket log messages embedding unsanitized user input, monitoring WebSocket traffic for suspicious payloads or injected HTML/JavaScript in the messages can help detect exploitation attempts.
Suggested commands or steps include:
- Use browser developer tools to monitor WebSocket messages for injected HTML or JavaScript.
- Run the GPT Researcher application locally and input a test payload like `<img src=x onerror=alert(document.domain)>` in the research task input to see if an alert pops up.
- Use network traffic capture tools (e.g., Wireshark or tcpdump) to capture WebSocket frames and inspect them for unsanitized user input.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include sanitizing or escaping user input before it is embedded in WebSocket log messages and preventing unsafe HTML rendering on the frontend.
- On the backend, apply HTML escaping to the task name input using Pythonβs html.escape() function before including it in log messages.
- On the frontend, replace usage of innerHTML with textContent when rendering WebSocket log messages to avoid executing embedded scripts.
- Alternatively, sanitize the HTML content using a library such as DOMPurify before inserting it into the DOM.
Until a patch is available, avoid entering untrusted or suspicious input in the research task field to reduce risk of exploitation.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability described is a Reflected Cross-Site Scripting (XSS) issue that allows execution of arbitrary JavaScript in the context of the GPT Researcher web interface. This can lead to session hijacking and unauthorized access to sensitive data stored in cookies or local storage.
Such security weaknesses can impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches. The ability for an attacker to execute scripts and potentially access user session data or manipulate the application could lead to data breaches or unauthorized disclosure of personal information.
Therefore, this vulnerability poses a risk to maintaining the confidentiality and integrity of user data, which are core requirements in many regulatory frameworks. Organizations using the affected software should address this issue promptly to avoid non-compliance risks.