CVE-2026-9566
Stored XSS in Teable Login Redirect Parameter
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| teableio | teable | up to and including 1.9.x |
| teableio | teable | release.2026-04-21T08-57-20Z.1513 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Teable application, specifically in the sign-up component's LoginPage.tsx file. It involves improper handling of the redirect argument, which can be manipulated to perform a cross-site scripting (XSS) attack. An attacker can craft a malicious redirect URL containing unsafe protocols like javascript:, causing arbitrary JavaScript code to execute in the victim's browser after login.
The vulnerability arises because the redirect parameter is not properly validated or sanitized before being used in navigation, allowing remote attackers to exploit it. The issue has been fixed by validating the redirect parameter with a function that blocks unsafe protocols and cross-origin redirects.
How can this vulnerability impact me?
This vulnerability can lead to several security impacts including execution of arbitrary JavaScript code in users' browsers, which can result in session hijacking, credential theft, or unauthorized actions performed on behalf of the user.
Because the attack can be carried out remotely and the exploit is publicly available, it increases the risk of exploitation by malicious actors.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves improper handling of the redirect parameter in the LoginPage.tsx file, which can be exploited via crafted URLs containing malicious redirect parameters such as javascript: payloads.
Detection on your system or network can involve monitoring for suspicious URLs or HTTP requests that include unusual or unsafe redirect parameters, especially those containing javascript:, data:, or cross-origin URLs.
You can use network traffic inspection tools or web server logs to search for requests to the login page with suspicious redirect parameters.
- Use grep or similar tools on web server logs to find requests with redirect parameters containing 'javascript:' or other unsafe schemes, e.g.: grep -i 'redirect=javascript:' /var/log/nginx/access.log
- Use web application firewall (WAF) rules to detect and block requests with unsafe redirect parameters.
- Monitor browser console logs or client-side behavior for unexpected script execution after login.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the affected Teable component to the fixed version release.2026-04-21T08-57-20Z.1513 or later, where the redirect parameter is properly validated.
The fix involves validating the redirect parameter using a function like isValidRedirectPath() to block unsafe protocols such as javascript:, data:, and cross-origin redirects.
Until the upgrade can be applied, consider implementing input validation or filtering on the redirect parameter at the web server or application level to reject unsafe values.
Additionally, monitor and block suspicious requests that attempt to exploit this vulnerability using WAF rules or network security controls.
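The following is an added example, not Teable's code and not the project's actual fix. It shows the two defensive pieces the answers above describe: a redirect validator of the kind referred to as isValidRedirectPath() (only same-origin, path-only targets are accepted, so javascript:, data:, absolute and protocol-relative URLs are all rejected), and a log check that applies the same validator to the redirect parameter of requests in nginx-style access-log lines. The application origin https://app.example, the function names extractRedirectParams and findSuspiciousRedirects, and the log lines themselves are constructed for the example. Because the scanner percent-decodes the parameter before checking it, it also catches encoded values (redirect=javascript%3A...) that a literal grep for 'redirect=javascript:' would miss.

```javascript
// Added example (not Teable's code): a same-origin redirect validator and a
// log scanner built on it. Origin, function names and log lines are constructed.

// Accept only a relative path on our own origin. Anything that carries a scheme,
// points to another origin, or would normalise into one, is rejected.
function isValidRedirectPath(redirect, origin = "https://app.example") {
  if (typeof redirect !== "string" || redirect.length === 0) return false;
  // Reject control characters and whitespace: the WHATWG URL parser strips
  // tab/newline, so "/\t/host" would otherwise normalise to "//host".
  if (/[\u0000-\u001F\u007F\s]/.test(redirect)) return false;
  // Must start with exactly one "/"; "//host" is protocol-relative and
  // "/\host" is treated as "//host" by browsers for http(s) URLs.
  if (!redirect.startsWith("/") || redirect.startsWith("//") || redirect.startsWith("/\\")) {
    return false;
  }
  let parsed;
  try {
    parsed = new URL(redirect, origin);
  } catch {
    return false;
  }
  // Resolving against our origin must keep our origin and an http(s) scheme.
  if (parsed.origin !== origin) return false;
  if (parsed.protocol !== "https:" && parsed.protocol !== "http:") return false;
  return true;
}

// Constructed sample access-log lines (nginx combined format) for the demo.
const SAMPLE_LOG = [
  '203.0.113.5 - - [21/Apr/2026:09:01:12 +0000] "GET /auth/login?redirect=%2Fspace%2F123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [21/Apr/2026:09:02:40 +0000] "GET /auth/login?redirect=javascript%3Aalert(1) HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '203.0.113.9 - - [21/Apr/2026:09:03:05 +0000] "GET /auth/login?redirect=%2F%2Fevil.example%2Fphish HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '203.0.113.9 - - [21/Apr/2026:09:03:31 +0000] "GET /auth/login?redirect=https%3A%2F%2Fevil.example%2F HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '198.51.100.2 - - [21/Apr/2026:09:04:00 +0000] "GET /api/health HTTP/1.1" 200 15 "-" "curl/8.0"',
  '203.0.113.5 - - [21/Apr/2026:09:05:12 +0000] "GET /auth/login?redirect=%2Fbase%2Fabc%3Fview%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '203.0.113.11 - - [21/Apr/2026:09:06:48 +0000] "GET /auth/login?redirect=%2F%09%2Fevil.example HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
];

// Pull every (percent-decoded) redirect parameter out of one combined-format line.
function extractRedirectParams(line) {
  const m = line.match(/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/);
  if (!m) return [];
  // A placeholder base is only needed so the relative request target parses.
  const target = new URL(m[1], "http://placeholder.invalid");
  return target.searchParams.getAll("redirect");
}

// Return every request whose redirect parameter the validator would reject.
function findSuspiciousRedirects(lines) {
  const hits = [];
  for (const line of lines) {
    for (const value of extractRedirectParams(line)) {
      if (!isValidRedirectPath(value)) hits.push({ line, redirect: value });
    }
  }
  return hits;
}

for (const hit of findSuspiciousRedirects(SAMPLE_LOG)) {
  console.log(`suspicious redirect ${JSON.stringify(hit.redirect)} in: ${hit.line}`);
}
```

Run against a real log, the scanner would read lines from the access log instead of SAMPLE_LOG; the validator is the same function the application would call before navigating, so what the server flags and what the client rejects stay in step.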