VYPR
Critical severity 9.0 · OSV Advisory · Published Sep 17, 2025 · Updated Apr 15, 2026

CVE-2025-58766

Description

Dyad is a local AI app builder. A critical security vulnerability affecting Dyad v0.19.0 and earlier allows attackers to execute arbitrary code on users' systems. The vulnerability lies in the application's preview window functionality and can bypass Docker container protections. An attacker can craft web content that executes automatically when the preview loads; the malicious content can break out of the application's security boundaries and gain control of the system. This has been fixed in Dyad v0.20.0 and later.
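The second fix commit listed under Patches below adds a `sandbox` attribute to the preview iframe. The following JavaScript is an added example, not code from the Dyad project or from the advisory: it audits an iframe sandbox token list the way a defender reviewing such a fix would, flagging tokens that browsers would silently ignore and the `allow-scripts` plus `allow-same-origin` pairing, which lets a framed document that shares the embedder's origin remove its own sandbox. The keyword set, the helper names (`auditSandbox`, `demo`) and the sample inputs are assumptions constructed for this example; `PREVIEW_SANDBOX` copies the value from the patch.

```javascript
// Added example, not part of the Dyad project or the advisory.
// Audit an <iframe sandbox="..."> token list from a defender's point of view.

// Sandbox keywords defined by the HTML standard (assumption: this list is
// current for the browsers you target). Browsers ignore unknown tokens, so a
// typo grants nothing but also restricts nothing.
const KNOWN_SANDBOX_TOKENS = new Set([
  "allow-downloads",
  "allow-forms",
  "allow-modals",
  "allow-orientation-lock",
  "allow-pointer-lock",
  "allow-popups",
  "allow-popups-to-escape-sandbox",
  "allow-presentation",
  "allow-same-origin",
  "allow-scripts",
  "allow-top-navigation",
  "allow-top-navigation-by-user-activation",
]);

/**
 * Parse a sandbox attribute value and return the normalized token list plus
 * the findings a reviewer should look at. `null`/`undefined` means the
 * attribute is absent, the un-sandboxed state the fix commit moved away from.
 */
function auditSandbox(sandboxValue) {
  const findings = [];
  if (sandboxValue === null || sandboxValue === undefined) {
    findings.push("no sandbox attribute: framed content gets the full privileges of a normal frame");
    return { tokens: [], findings };
  }
  // The attribute is an ASCII-whitespace-separated, case-insensitive keyword set.
  const tokens = sandboxValue
    .split(/[ \t\n\f\r]+/)
    .filter((t) => t.length > 0)
    .map((t) => t.toLowerCase());
  const present = new Set(tokens);

  for (const t of present) {
    if (!KNOWN_SANDBOX_TOKENS.has(t)) findings.push(`unknown token "${t}" is ignored by browsers`);
  }
  if (present.has("allow-scripts") && present.has("allow-same-origin")) {
    findings.push(
      "allow-scripts together with allow-same-origin: a framed document on the embedder's origin can reach the parent DOM and remove the sandbox attribute, so serve the preview from a separate origin",
    );
  }
  if (present.has("allow-top-navigation")) {
    findings.push("allow-top-navigation: framed content may navigate the top-level page without user interaction");
  }
  if (present.has("allow-popups") && present.has("allow-popups-to-escape-sandbox")) {
    findings.push("popups opened from the frame will not inherit the sandbox");
  }
  return { tokens, findings };
}

// Constructed samples: the value set by the fix commit (copied from the diff),
// an empty value (maximal restriction) and an absent attribute.
const PREVIEW_SANDBOX =
  "allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-downloads";

function demo() {
  return {
    fixed: auditSandbox(PREVIEW_SANDBOX),
    strict: auditSandbox(""),
    absent: auditSandbox(null),
  };
}

if (typeof require !== "undefined" && require.main === module) {
  for (const [name, result] of Object.entries(demo())) {
    console.log(`${name}: ${result.tokens.length} token(s)`);
    for (const f of result.findings) console.log("  -", f);
  }
}
```

Run it with `node` to see one finding for the patched value (the same-origin pairing), none for the empty value, and one for the absent attribute. The check is deliberately a static audit of the attribute string: it tells you which origin assumption the sandbox rests on, which is the question to settle before treating the iframe as a security boundary.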

Affected products (1)

Patches (2)
ebcf89ee6cea

fix: hide <dyad-command> tags from generated text output (#945) (#1162)

https://github.com/dyad-sh/dyad · Adeniji Adekunle James · Sep 3, 2025 · via osv
1 file changed · +6 -0
  • src/components/chat/DyadMarkdownParser.tsx (+6 -0, modified)
    @@ -123,6 +123,7 @@ function preprocessUnclosedTags(content: string): {
         "dyad-edit",
         "dyad-codebase-context",
         "think",
    +    "dyad-command",
       ];
     
       let processedContent = content;
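Review bot: the tag-name array extended here duplicates the one extended in `parseCustomTags` in the next hunk, so a future tag can be added to one list and missed in the other; suggest hoisting the names into a single shared constant, e.g. `const CUSTOM_TAG_NAMES = [...]`, that both `preprocessUnclosedTags` and `parseCustomTags` read.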
    @@ -189,6 +190,7 @@ function parseCustomTags(content: string): ContentPiece[] {
         "dyad-edit",
         "dyad-codebase-context",
         "think",
    +    "dyad-command",
       ];
     
       const tagPattern = new RegExp(
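Review bot: the names in this array are concatenated into the pattern built by `new RegExp(` directly below, so a comment on the array stating that entries must be plain hyphenated identifiers with no regex metacharacters would stop a future name containing `.` or `+` from silently changing what the pattern matches; `dyad-command` itself is safe.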
    @@ -418,6 +420,10 @@ function renderCustomTag(
           // Don't render anything for dyad-chat-summary
           return null;
     
    +    case "dyad-command":
    +      // Don't render anything for dyad-command
    +      return null;
    +
         default:
           return null;
       }
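Review bot: the new `case "dyad-command"` returns `null`, which is exactly what the `default` branch directly below already does, so the case is functionally redundant; keep it only with a comment saying that `dyad-command` content must never reach the rendered output, so that a later change to `default` (for example rendering unknown tags as text) does not reintroduce it.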
    
1c0255ab126d

Enable iframe sandbox (#1178)

https://github.com/dyad-sh/dyad · Will Chen · Sep 3, 2025 · via osv
4 files changed · +14 -2
  • e2e-tests/preview_iframe.spec.ts (+10 -0, added)
    @@ -0,0 +1,10 @@
    +import { testSkipIfWindows } from "./helpers/test_helper";
    +import { expect } from "@playwright/test";
    +
    +testSkipIfWindows("preview iframe has sandbox attributes", async ({ po }) => {
    +  await po.setUp();
    +  await po.sendPrompt("hi");
    +  expect(
    +    await po.getPreviewIframeElement().getAttribute("sandbox"),
    +  ).toMatchSnapshot();
    +});
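Review bot: `toMatchSnapshot()` pins the literal attribute string, so any loosening of the sandbox passes this test simply by updating the snapshot file, and `testSkipIfWindows` means the attribute is not verified at all on Windows; suggest an explicit assertion next to the snapshot, e.g. `expect(sandbox).not.toContain("allow-top-navigation")`, and a comment on why the test has to skip Windows.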
    
  • e2e-tests/snapshots/preview_iframe.spec.ts_preview-iframe-has-sandbox-attributes-1.txt (+1 -0, added)
    @@ -0,0 +1 @@
    +allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-downloads
    \ No newline at end of file
    
  • package-lock.json (+2 -2, modified)
    @@ -1,12 +1,12 @@
     {
       "name": "dyad",
    -  "version": "0.19.0-beta.1",
    +  "version": "0.19.0",
       "lockfileVersion": 3,
       "requires": true,
       "packages": {
         "": {
           "name": "dyad",
    -      "version": "0.19.0-beta.1",
    +      "version": "0.19.0",
           "license": "MIT",
           "dependencies": {
             "@ai-sdk/anthropic": "^2.0.4",
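Review bot: the version bump from `0.19.0-beta.1` to `0.19.0` is unrelated to enabling the iframe sandbox and should be its own commit; `package.json` is also not among the four files changed, so the lockfile `"version"` now disagrees with the manifest unless it was bumped separately. Note too that the advisory above states the fix ships in v0.20.0, so this lockfile version should not be read as the fixed release.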
    
  • src/components/preview_panel/PreviewIframe.tsx (+1 -0, modified)
    @@ -544,6 +544,7 @@ export const PreviewIframe = ({ loading }: { loading: boolean }) => {
               </div>
             ) : (
               <iframe
    +            sandbox="allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-orientation-lock allow-pointer-lock allow-presentation allow-downloads"
                 data-testid="preview-iframe-element"
                 onLoad={() => {
                   setErrorMessage(undefined);
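Review bot: `allow-scripts` and `allow-same-origin` are both granted; if the preview document is ever served from the same origin as the host page, a script in it can reach `window.parent` and remove the `sandbox` attribute, leaving the frame no more restricted than with no sandbox at all. Either confirm the preview is always loaded from a separate origin and document that assumption in a comment next to the attribute, or drop `allow-same-origin`. Omitting `allow-top-navigation` and `allow-popups-to-escape-sandbox` from the list is the right call.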
    


References (3)