VYPR
Unrated severityNVD Advisory· Published Mar 6, 2026· Updated Mar 6, 2026

LangBot has a Cross Site Scripting(XSS) Vulnerability

CVE-2026-28509

Description

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7.

Affected products

2
  • Apboard/Langbotllm-fuzzy2 versions
    <4.8.7+ 1 more
    • (no CPE)range: <4.8.7
    • (no CPE)range: < 4.8.7

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.