PT-2026-47158 · Mage Ai · Mage Ai

Trebledj · Published 2026-06-06 · Updated 2026-06-06 · CVE-2026-11436

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Mage AI versions prior to 0.9.80

Description: A cross-site scripting issue exists in the Sign-in Flow component within the useMutation() function of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx. Manipulation of the query.redirect_url variable allows for remote exploitation.

Recommendations: Update to a version later than 0.9.79. As a temporary workaround, restrict or validate the input of the query.redirect_url variable in the affected component.
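
One way to apply the "restrict or validate" workaround to query.redirect_url, as an added example that is not code from the Mage AI project or its fix: a hypothetical helper, safeRedirectTarget, that accepts only same-origin paths. APP_ORIGIN, FALLBACK_PATH and the sample values are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper, not code from the Mage AI repository.
// APP_ORIGIN and FALLBACK_PATH are assumed values for illustration.
const APP_ORIGIN = 'https://mage.example';
const FALLBACK_PATH = '/';

// Returns a same-origin path that is safe to hand to the router, or the
// fallback when the value is missing, malformed, or points anywhere else.
function safeRedirectTarget(raw, appOrigin = APP_ORIGIN, fallback = FALLBACK_PATH) {
  // Router query values may be undefined or an array; accept one string only.
  if (typeof raw !== 'string' || raw.length === 0) return fallback;
  // Reject control characters and backslashes, which URL parsers silently
  // strip or rewrite, so the checked value and the used value cannot differ.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return fallback;

  let target;
  try {
    target = new URL(raw, appOrigin); // resolves relative paths against the app
  } catch {
    return fallback;
  }
  // Only web schemes: script or data URLs are never a page to navigate to.
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return fallback;
  // Same origin only: covers absolute URLs and protocol-relative "//host" forms.
  if (target.origin !== new URL(appOrigin).origin) return fallback;
  // Return path + query + fragment, never the caller-supplied string itself.
  return target.pathname + target.search + target.hash;
}

// Constructed sample values for query.redirect_url.
const SAMPLES = [
  '/pipelines?tab=runs',
  'https://mage.example/overview#top',
  'https://other.example/login',
  '//other.example/login',
  'javascript:void(0)',
  ['/a', '/b'],
  undefined,
];

for (const sample of SAMPLES) {
  console.log(JSON.stringify(sample), '->', safeRedirectTarget(sample));
}
```

The helper returns the re-serialized path rather than the original string, so whatever the sign-in component navigates to is the value that was checked.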

Exploit · Fix · Code Injection · XSS

Weakness Enumeration

Related Identifiers: CVE-2026-11436

Affected Products: Mage Ai