CVE-2026-11436
Status: Received - Intake
Cross-Site Scripting in Mage AI Sign-in Flow

Publication date: 2026-06-06

Last updated on: 2026-06-06

Assigner: VulDB

Description
A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirect_url results in cross-site scripting. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Generated: 2026-06-06
AI Q&A: 2026-06-06
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: mage_ai
Product: mage_ai
Version / Range: up to and including 0.9.79
CWE
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

This is a DOM-based cross-site scripting (XSS) issue in Mage AI's sign-in flow, in the useMutation call of the SignForm component (mage_ai/frontend/components/Sessions/SignForm/index.tsx). The value of the redirect_url query parameter is used as the navigation target after sign-in without any check of its scheme or origin. A javascript: URL placed there is therefore not a page to redirect to but script, and the browser runs it in the application's origin when the sign-in flow navigates to it.

An attacker who gets a user to open a crafted link to the sign-in page whose redirect_url carries such a payload obtains script execution in that user's session, which can be used for session hijacking, credential theft, or actions performed as that user.


How can this vulnerability impact me?

The vulnerability is exploitable remotely but needs user interaction: the victim has to open an attacker-supplied link and go through the sign-in flow. The payload then runs in the victim's browser under the application's origin, which enables:

  • Session hijacking
  • Credential theft
  • Unauthorized actions performed on behalf of the user

How can this vulnerability be detected on my network or system? Can you suggest some commands?

The vulnerability is exploited through the redirect_url query parameter of the sign-in page, so detection means looking at that parameter wherever it is visible: in reverse-proxy or web-server access logs (the request line for the sign-in page load carries the query string) or in plaintext traffic.

Flag any redirect_url value that is not a plain same-origin path: a javascript:, data: or vbscript: scheme, an absolute URL pointing at another host, or a protocol-relative //host form. Match case-insensitively, and remember that the colon and slashes are usually percent-encoded (%3A, %2F) in logs.

  • Capture plaintext HTTP with tcpdump and grep for the parameter. This only works on port 80 or on a hop after TLS termination; on port 443 the capture contains ciphertext and the grep will never match.
  • tcpdump -A -l -s 0 'tcp port 80' | grep -i 'redirect_url='
  • Search access logs for dangerous schemes, in both raw and percent-encoded forms:
  • grep -iE 'redirect_url=(javascript|data|vbscript)(:|%3a)' /path/to/access.log
  • Search for redirect targets that leave the origin (absolute URLs will also match legitimate same-origin values, so review the hosts):
  • grep -iE 'redirect_url=(%2f%2f|//|https?(:|%3a))' /path/to/access.log

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation is to stop treating redirect_url as a trusted navigation target: validate it against an allowlist before the sign-in flow navigates to it.

Accept only a relative path that starts with a single "/" (reject "//" and "/\", which browsers treat as a new host), or an absolute URL whose parsed origin is exactly the application's own origin; send anything else, including a missing or unparseable value, to a fixed default page. Parse the value with the URL parser rather than string-matching for "javascript:", because a denylist misses data: and other schemes as well as case and whitespace variants.

Output encoding does not help here: the sink is a navigation, not HTML, so the check has to be on the URL itself.

The advisory lists no fixed version and the vendor did not respond, so until a patched release exists, consider ignoring the redirect_url parameter entirely and always sending users to the default page after sign-in.

Monitor for exploitation attempts and add web application firewall (WAF) rules that block requests to the sign-in page whose redirect_url carries a non-http(s) scheme or an external host.
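The code below is an added example written for this page in JavaScript; it is not Mage AI's code and not part of the advisory. It serves both the detection question above and the mitigation steps here: one allowlist classifier for redirect_url, a hardened replacement for the post-sign-in navigation built on it, and a scanner that runs the same classifier over access-log lines. The origin mage.example.internal, the /sign-in path, the log lines and the schematic `window.location.href` navigation in the comments are assumptions, not details taken from the page.

```javascript
// Added example for this page (not Mage AI's code, not from the advisory):
// one allowlist check for the sign-in redirect_url, reused to harden the
// post-sign-in navigation and to scan access logs for exploitation attempts.
// Origin, paths and log lines below are constructed for illustration.

const APP_ORIGIN = 'https://mage.example.internal'; // assumed deployment origin

// Classify a raw redirect_url value against the application's own origin.
// Verdicts: 'relative', 'same-origin' (safe) / 'protocol-relative',
// 'external-origin', 'dangerous-scheme', 'unparseable' (reject).
function classifyRedirect(rawValue, appOrigin) {
  const value = String(rawValue).trim();
  // "//host" and "/\host" are scheme-relative in browsers: they leave the origin.
  if (/^\/[\/\\]/.test(value)) return 'protocol-relative';
  // A plain path stays on the current origin.
  if (value.startsWith('/')) return 'relative';
  let parsed;
  try {
    // The WHATWG parser strips tabs/newlines and lowercases the scheme,
    // so "JaVaScRiPt:" ends up as "javascript:".
    parsed = new URL(value);
  } catch {
    return 'unparseable'; // e.g. a bare "pipelines" with no scheme or slash
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return 'dangerous-scheme'; // javascript:, data:, vbscript:, ...
  }
  return parsed.origin === appOrigin ? 'same-origin' : 'external-origin';
}

// Hardened replacement for the post-sign-in navigation target: a same-origin
// path survives, everything else falls back to the landing page.
// Schematic use (assumed, not the project's actual code):
//   vulnerable: onSuccess: () => { window.location.href = query.redirect_url; }
//   hardened:   onSuccess: () => { window.location.href =
//                 safeRedirectTarget(query.redirect_url, window.location.origin); }
function safeRedirectTarget(rawValue, appOrigin, fallback = '/') {
  if (rawValue === undefined || rawValue === null) return fallback;
  const verdict = classifyRedirect(rawValue, appOrigin);
  if (verdict === 'relative') return String(rawValue).trim();
  if (verdict === 'same-origin') {
    // Re-emit as a path so the navigation cannot leave the origin.
    const u = new URL(String(rawValue).trim());
    return u.pathname + u.search + u.hash;
  }
  return fallback;
}

// Constructed access-log lines (combined format) for the sign-in page;
// the /sign-in path is an assumption.
const SAMPLE_LOG = [
  '203.0.113.5 - - [06/Jun/2026:10:01:22 +0000] "GET /sign-in?redirect_url=%2Fpipelines HTTP/1.1" 200 512',
  '203.0.113.9 - - [06/Jun/2026:10:02:03 +0000] "GET /sign-in?redirect_url=javascript%3Aalert(document.domain) HTTP/1.1" 200 512',
  '203.0.113.9 - - [06/Jun/2026:10:02:40 +0000] "GET /sign-in?redirect_url=JaVaScRiPt:alert(1) HTTP/1.1" 200 512',
  '198.51.100.2 - - [06/Jun/2026:10:03:11 +0000] "GET /sign-in?redirect_url=https%3A%2F%2Fmage.example.internal%2Fpipelines HTTP/1.1" 200 512',
  '198.51.100.7 - - [06/Jun/2026:10:04:00 +0000] "GET /sign-in?redirect_url=https%3A%2F%2Fattacker.example%2F HTTP/1.1" 200 512',
  '198.51.100.8 - - [06/Jun/2026:10:05:00 +0000] "GET /sign-in?redirect_url=%2F%2Fattacker.example%2F HTTP/1.1" 200 512',
  '203.0.113.1 - - [06/Jun/2026:10:06:00 +0000] "GET /api/status HTTP/1.1" 200 64',
];

// Pull the percent-decoded redirect_url value out of one access-log line, or null.
function extractRedirectUrl(line) {
  const m = /"(?:GET|POST) (\S+) HTTP\//.exec(line);
  if (!m) return null;
  // The base only makes the request path parseable; it is not the app origin.
  return new URL(m[1], 'http://log-parser.invalid').searchParams.get('redirect_url');
}

// Run the same classifier over log lines and report every rejected value.
function scanLog(lines, appOrigin) {
  const findings = [];
  lines.forEach((line, i) => {
    const value = extractRedirectUrl(line);
    if (value === null) return;
    const verdict = classifyRedirect(value, appOrigin);
    if (verdict === 'relative' || verdict === 'same-origin') return;
    findings.push({ line: i + 1, client: line.split(' ')[0], value, verdict });
  });
  return findings;
}

for (const f of scanLog(SAMPLE_LOG, APP_ORIGIN)) {
  console.log(`line ${f.line} ${f.client} ${f.verdict}: ${f.value}`);
}
```

Using the same classifier for the fix and for the log rule keeps the two in agreement: anything the hardened sign-in would refuse is exactly what the scanner reports. The allowlist is deliberately narrow (a single-slash path or an exact origin match); it rejects protocol-relative and mixed-case variants that a simple `javascript:` denylist lets through.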


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in Mage AI's sign-in flow allows for DOM-Based Cross-Site Scripting (XSS) via manipulation of the redirect_url parameter. This can lead to session hijacking, credential theft, or unauthorized actions.

Such security weaknesses can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of user data and secure authentication mechanisms to prevent unauthorized access and data breaches.

Failure to remediate this vulnerability could result in unauthorized disclosure or misuse of personal data, potentially violating these regulations' requirements for data confidentiality and integrity.

