No vendor fix or workaround currently provided.
No advisories yet.
| Link | Providers |
|---|---|
| https://github.com/MGTx2 | |
| https://github.com/MGTx2/CVE-2026-39107 | |
Wed, 03 Jun 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Kimi AI v1.0 Web Interface Cross‑Site Scripting via Preview Feature |
Wed, 03 Jun 2026 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | cvssV3_1 |
Wed, 03 Jun 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Kimi AI v1.0 Web Interface Cross‑Site Scripting via Preview Feature | |
| Weaknesses | CWE-79 |
Wed, 03 Jun 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is rendered directly into the DOM, leading to arbitrary JavaScript execution in the victim's browser session. | |
| References | | |
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-06-03T17:54:55.865Z
Reserved: 2026-04-06T00:00:00.000Z
Link: CVE-2026-39107
Updated: 2026-06-03T17:52:29.357Z
Status: Deferred
Published: 2026-06-03T18:16:23.377
Modified: 2026-06-04T16:28:59.003
Link: CVE-2026-39107
OpenCVE Enrichment
Updated: 2026-06-03T20:45:42Z