PT-2026-21852 · Reddit · Reddit Metascraper Plugin

Byamb4 · Published 2026-02-25 · Updated 2026-03-10 · CVE-2026-27627

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Karakeep version 0.30.0
Description: Karakeep is a self-hostable bookmark-everything app. Version 0.30.0 does not properly sanitize HTML content received from the Reddit metascraper plugin. Specifically, when the plugin returns readableContentHtml, the application uses this content directly in the HTML parsing subprocess without running it through DOMPurify. The unsanitized content is then injected into the application's Document Object Model (DOM) via React's dangerouslySetInnerHTML, so malicious HTML from the plugin output can execute in a user's browser.
Recommendations: Update to version 0.31.0 to address this issue.
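As an added example (not Karakeep's code), the following scans React/JSX source text for the pattern this advisory describes: a dangerouslySetInnerHTML whose __html value is not wrapped in DOMPurify.sanitize(). The two sample sources are constructed to mirror the vulnerable and fixed forms; the component and variable names in them are assumptions.

```javascript
// Added example, not Karakeep's code: a lightweight source scan for the bug
// class in CVE-2026-27627, React's dangerouslySetInnerHTML fed a value that
// does not pass through DOMPurify.sanitize(). Sample sources are constructed.

// Match `dangerouslySetInnerHTML={{ __html: <expr> }}` and capture <expr>.
// Limitation: objects built elsewhere and passed by name are not inspected.
const DANGEROUS_HTML = /dangerouslySetInnerHTML=\{\{\s*__html\s*:\s*([^}]+?)\s*\}\}/g;

function findUnsanitizedDangerousHtml(source, filename = "<input>") {
  const findings = [];
  for (const m of source.matchAll(DANGEROUS_HTML)) {
    const expr = m[1].trim();
    // Only expressions routed through DOMPurify.sanitize(...) are accepted.
    const sanitized = /\bDOMPurify\.sanitize\s*\(/.test(expr);
    if (!sanitized) {
      // 1-based line number of the match within the source text.
      const line = source.slice(0, m.index).split("\n").length;
      findings.push({ file: filename, line, expr });
    }
  }
  return findings;
}

// Constructed sample mirroring the advisory: plugin-supplied HTML rendered raw.
const VULNERABLE_SRC = `
function ReadableView({ plugin }) {
  const readableContentHtml = plugin.readableContentHtml;
  return <div dangerouslySetInnerHTML={{ __html: readableContentHtml }} />;
}
`;

// Constructed sample of the hardened form: sanitize before it reaches the DOM.
const FIXED_SRC = `
import DOMPurify from "dompurify";
function ReadableView({ plugin }) {
  return (
    <div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(plugin.readableContentHtml) }} />
  );
}
`;

// Usage: report each unsanitized sink with its file and line.
for (const f of findUnsanitizedDangerousHtml(VULNERABLE_SRC, "ReadableView.tsx")) {
  console.log(`${f.file}:${f.line} unsanitized __html: ${f.expr}`);
}
```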

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-27627
GHSA-MG93-F9MW-WPGJ

Affected Products

Karakeep
Reddit Metascraper Plugin