PT-2026-21606 · Unknown · Markdownrenderer.Jsx
Small-Lovely-Cat · Published 2026-02-23 · Updated 2026-03-03 · CVE-2026-25802

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions: New API versions prior to 0.10.8-alpha.9
Description: The software contains a potentially unsafe operation in the MarkdownRenderer.jsx component, which allows Cross-Site Scripting (XSS) when the model outputs items containing <script> tags. The issue arises from using dangerouslySetInnerHTML to preview HTML generated by the model, so any script in that HTML runs in the user's browser. A proof-of-concept demonstrates that prompting the model to generate a script can redirect the browser to google.com without user interaction. The chat history containing the XSS script is stored, so the script may run again when the page is revisited. The impact includes potential malicious activity against users of the playground, especially if the model API is compromised into outputting unintended code. The vulnerable code resides on lines 212-231 of MarkdownRenderer.jsx.
Recommendations: Versions prior to 0.10.8-alpha.9 should be updated to version 0.10.8-alpha.9 or later. As a temporary workaround, consider placing the preview inside a sandboxed iframe. Dangerous HTML strings should be sanitized before rendering.
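The two mitigations above (sanitize before dangerouslySetInnerHTML; or, as a stopgap, render into a sandboxed iframe) as an added example. This is not the project's code and not its fix; the function names, the tag allowlist and the sample model outputs are assumptions constructed for illustration. In production a maintained sanitizer such as DOMPurify is the usual choice; the small allowlist sanitizer here only shows the principle: every `<` that is not part of a recognised, allowlisted tag is escaped as text, all attributes are dropped except a validated `href` on `<a>`, so a `<script>` element, an `onerror` handler or a `javascript:` link in model output never reaches the DOM as markup.

```javascript
// Added example (not the project's code): treating model-generated HTML as
// untrusted before it reaches dangerouslySetInnerHTML. Function names, the
// allowlist and the sample payloads below are assumptions / constructed inputs.

// Tags the preview may keep. Everything else (script, img, iframe, svg, ...)
// is dropped, and its attributes along with it.
const ALLOWED_TAGS = new Set([
  'p', 'br', 'b', 'i', 'em', 'strong', 'code', 'pre', 'ul', 'ol', 'li',
  'h1', 'h2', 'h3', 'blockquote', 'a',
]);

// Escape text content; an already-encoded entity (&amp; &#39; &#x27;) is left
// alone so the model's own escaping is not doubled.
function escapeText(s) {
  return s
    .replace(/&(?![a-zA-Z][a-zA-Z0-9]*;|#\d+;|#x[0-9a-fA-F]+;)/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Attribute values are fully escaped, including every '&'.
function escapeAttr(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// Only absolute http(s)/mailto links survive; javascript:, data:, vbscript:
// and relative URLs are all rejected.
function safeHref(attrs) {
  const m = /\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i.exec(attrs);
  if (!m) return null;
  const value = (m[1] ?? m[2] ?? m[3]).trim();
  return /^(?:https?:|mailto:)/i.test(value) ? value : null;
}

// Allowlist sanitizer. A token is only treated as a tag when it matches the
// narrow pattern below (no '<' or '>' inside the tag); any other '<' or '>'
// is escaped as text, so malformed markup cannot smuggle an element through.
function sanitizeHtml(html) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[^<>]*?)?)\s*\/?>/g;
  let out = '';
  let last = 0;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escapeText(html.slice(last, m.index));
    last = m.index + m[0].length;
    const [, slash, rawName, attrs] = m;
    const name = rawName.toLowerCase();
    if (!ALLOWED_TAGS.has(name)) continue; // drop the tag; its text stays escaped
    if (slash) { out += `</${name}>`; continue; }
    if (name === 'a') {
      const href = safeHref(attrs);
      out += href ? `<a href="${escapeAttr(href)}" rel="noopener noreferrer">` : '<a>';
      continue;
    }
    out += `<${name}>`; // every other attribute (onclick, style, ...) is dropped
  }
  return out + escapeText(html.slice(last));
}

// What the React component should hand to dangerouslySetInnerHTML instead of
// the raw model output: <div dangerouslySetInnerHTML={previewProps(html)} />
function previewProps(modelHtml) {
  return { __html: sanitizeHtml(modelHtml) };
}

// Interim workaround from the advisory: render the raw HTML in an iframe whose
// sandbox attribute is empty, which forbids scripts, same-origin access and
// top-level navigation. (React spells the srcdoc attribute as srcDoc.)
function sandboxedPreviewProps(modelHtml) {
  return { sandbox: '', srcDoc: modelHtml };
}

// Constructed payloads of the kind the advisory describes: a <script> in model
// output, plus the usual attribute- and URL-based variants.
const SAMPLE_MODEL_OUTPUT = [
  "<p>Hello <b>world</b></p><script>location='https://example.com'</script>",
  '<img src=x onerror="alert(1)">',
  '<a href="javascript:alert(1)">click</a>',
  '<a href="https://example.com" onclick="evil()">link</a>',
  '<p onmouseover="evil()">1 < 2 and 3 > 2 &amp; done</p>',
];

function demo() {
  return SAMPLE_MODEL_OUTPUT.map((html) => sanitizeHtml(html));
}

for (const line of demo()) console.log(JSON.stringify(line));
```

The first sample shows the behaviour the advisory calls for: the `<p>`/`<b>` markup is kept, the `<script>` element is removed and its body is left behind as inert escaped text, so revisiting stored chat history re-renders text rather than re-running code. The iframe variant is deliberately kept separate: it contains the damage rather than removing it, which is why the advisory lists it only as a temporary workaround.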

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-02353
CVE-2026-25802
GHSA-299V-8PQ9-5GJQ
GO-2026-4532
SUSE-SU-2026:0757-1

Affected Products

Markdownrenderer.Jsx