CVSS 3.1 Score 4.7 of 10 (medium)


Published Feb 22, 2024
Updated: Feb 23, 2024


CVE-2024-26152 is a vulnerability found in all versions of Label Studio prior to 1.11.0. It allows an attacker to execute cross-site scripting (XSS) attacks by uploading malicious files through the "Upload Files" function. The vulnerability occurs because the imported data is not properly sanitized before being rendered within certain tags in Label Studio. To remediate this vulnerability, users should update to version 1.11.0 or later. This vulnerability poses a potential danger to organizations using Label Studio as it can be exploited by attackers to inject malicious code and steal sensitive information from users of the application.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-26152 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options