CVE-2025-56526

Published
CVSS v3: 6.1 (MEDIUM)
CVSS v2: N/A
Affected: 2 projects

Description

Cross-site scripting (XSS) vulnerability in Kotaemon 0.11.0 allows attackers to execute arbitrary code via a crafted PDF.

An open-source RAG-based tool for chatting with your documents.
Public disclosure for CVE-2025-56526 and CVE-2025-56527 — Stored XSS via unsanitized PDF content rendering and plaintext credential exposure in Kotaemon 0.11.0. Includes full technical analysis, PoC, impact assessment, and responsible disclosure timeline.