CVE-2026-43979

EPSS 0.26%
Veröffentlicht 28.05.2026 17:59:19
Zuletzt bearbeitet 01.06.2026 18:38:18
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Local Deep Research: HTML Injection via Unescaped User Input in PDF Export (`pdf_service.py:_markdown_to_html`)

Local Deep Research is an AI-powered research assistant for deep, iterative research. Prior to 1.6.0, PDFService._markdown_to_html() constructs an HTML document by interpolating user-controlled values — specifically title (sourced from research.title or research.query) and metadata key-value pairs — directly into an f-string without any HTML escaping. An authenticated attacker can craft a research query containing HTML special characters to inject arbitrary HTML tags into the document processed by WeasyPrint during PDF export. This injection can be chained to trigger a Server-Side Request Forgery (SSRF), bypassing the application's existing SSRF defenses in ssrf_validator.py. This vulnerability is fixed in 1.6.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 6

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLearningCircuit

≫

Produkt local-deep-research

Version < 1.6.0

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.174

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5	3.1	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://github.com/LearningCircuit/local-deep-research/security/advisories/GHSA-fj2m-qvh9-jq4q

https://github.com/LearningCircuit/local-deep-research/pull/3082

https://github.com/LearningCircuit/local-deep-research/pull/3613

https://nvd.nist.gov/vuln/detail/CVE-2026-43979

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-43979

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-43979

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-43979