CVE-2026-32859
Description
ByteDance DeerFlow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the browser context when users view artifacts, leading to session compromise, credential theft, and arbitrary script execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stored XSS in ByteDance DeerFlow artifacts API allows arbitrary script execution via malicious file upload.
Vulnerability
Overview
The ByteDance DeerFlow artifacts API, prior to commit 5dbb362, contains a stored cross-site scripting (XSS) vulnerability. The API allows users to upload files as artifacts, but does not enforce safe MIME types or force download for active content such as HTML, XHTML, or SVG files. As a result, an attacker can upload a file containing malicious JavaScript that is later served inline to users who view the artifact [1] [2].
Exploitation
Conditions
An attacker with the ability to upload artifacts to DeerFlow can craft a file with an extension such as .html, .xhtml, or .svg that embeds a script. When another user accesses the artifact via the API, the browser renders the content inline and executes the attacker's script. No privilege beyond the upload capability is required, and the payload fires as soon as a victim views the artifact [2] [3].
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser. This can lead to session hijacking, credential theft, defacement, or further actions against the DeerFlow instance. The vulnerability is rated Medium (CVSS 5.4) due to the need for user interaction and the attacker's required access to upload artifacts [3].
Mitigation
The vulnerability is patched in commit 5dbb362 [2]. The fix modifies the artifacts router to force download (Content-Disposition: attachment) for active MIME types such as text/html and image/svg+xml instead of serving them inline, so the browser never executes the embedded script. Users should update to a version containing this commit. No workarounds have been published [1] [3]. To confirm a deployment carries the fix, upload a harmless .html or .svg artifact and check that a GET of that artifact returns a forced download rather than an inline render.
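The following Python is an added example, not DeerFlow's own router code, contrasting the pre-fix behaviour the overview describes (trust the extension, serve inline) with a hardened response builder that forces download for active types. It goes slightly beyond the page: it also catches active content hiding behind a harmless extension, which matters because browsers may sniff the body when the declared type is wrong. The function names, the ACTIVE_TYPES set and the sample bodies are assumptions constructed for the example; `is_safely_served` is the check a practitioner would apply to the headers of a live artifact response.

```python
"""Safe artifact delivery: force download for active content.

Added example (not DeerFlow's code). Function names, the ACTIVE_TYPES set
and the pinned extension map are assumptions made for illustration.
"""
import mimetypes
import re
from typing import Dict

# Types a browser executes or renders as a document. Serving these inline
# from an untrusted artifact store is the stored-XSS condition.
ACTIVE_TYPES = {
    "text/html",
    "application/xhtml+xml",
    "image/svg+xml",
    "text/xml",
    "application/xml",
    "application/javascript",
    "text/javascript",
    "application/ecmascript",
}

# Pinned so the decision does not depend on the host's /etc/mime.types
# (mimetypes.guess_type() is OS-dependent for the less common extensions).
_PINNED = {
    ".html": "text/html", ".htm": "text/html",
    ".xhtml": "application/xhtml+xml", ".xht": "application/xhtml+xml",
    ".svg": "image/svg+xml", ".svgz": "image/svg+xml",
    ".xml": "application/xml",
    ".js": "text/javascript", ".mjs": "text/javascript",
}


def _guess_type(filename: str) -> str:
    """Extension-based type, pinned entries first, stdlib fallback."""
    name = filename.lower()
    for ext, ctype in _PINNED.items():
        if name.endswith(ext):
            return ctype
    guessed, _ = mimetypes.guess_type(name)
    return guessed or "application/octet-stream"


def looks_active(head: bytes) -> bool:
    """Cheap body check: a file called notes.txt that starts with <svg or
    <script is still active content once a sniffing browser meets it."""
    sample = head[:1024].lstrip().lower()
    return bool(re.match(rb"<(!doctype\s+html|html|svg|script|\?xml)", sample))


def vulnerable_headers(filename: str) -> Dict[str, str]:
    """Pre-fix behaviour: type from the extension, always served inline."""
    return {
        "Content-Type": _guess_type(filename),
        "Content-Disposition": f'inline; filename="{filename}"',
    }


def hardened_headers(filename: str, head: bytes) -> Dict[str, str]:
    """Post-fix behaviour: anything active by extension or by content is
    forced to download as an opaque blob; sniffing is disabled and any
    inline render is sandboxed as defence in depth."""
    ctype = _guess_type(filename)
    active = ctype in ACTIVE_TYPES or looks_active(head)
    if active:
        ctype = "application/octet-stream"
    # Keep the filename from injecting into the header value.
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    disposition = "attachment" if active else "inline"
    return {
        "Content-Type": ctype,
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


def is_safely_served(headers: Dict[str, str]) -> bool:
    """Check for a live artifact response: safe if the declared type is not
    active, or if the server forces a download."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    disp = h.get("content-disposition", "").strip().lower()
    return ctype not in ACTIVE_TYPES or disp.startswith("attachment")


if __name__ == "__main__":
    # Constructed sample bodies, not real uploads.
    payload = b"<svg xmlns='http://www.w3.org/2000/svg' onload='alert(1)'/>"
    print("before:", vulnerable_headers("logo.svg"))
    print("after: ", hardened_headers("logo.svg", payload))
    print("disguised .txt:", hardened_headers("notes.txt", payload))
```

Run the block to see the two header sets side by side; the same `is_safely_served` check can be pointed at the headers returned by a real GET of an uploaded .html or .svg artifact to confirm a deployment is past the fix.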
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Bytedance Inc. / DeerFlow, version range starting at 0 (all versions prior to commit 5dbb362)
Patches
No patches discovered yet.
References (3)
News mentions
No linked articles in our index yet.