HanTul/Kotaemon-CVE-2025-56526-56527-disclosure
GitHub
Releases0
Stars1
Public disclosure for CVE-2025-56526 and CVE-2025-56527 — Stored XSS via unsanitized PDF content rendering and plaintext credential exposure in Kotaemon 0.11.0. Includes full technical analysis, PoC, impact assessment, and responsible disclosure timeline.