CVE-2026-39107
Description
Kimi AI v1.0's 'Preview' feature suffers from XSS, allowing attackers to execute arbitrary JavaScript in a victim's browser via AI-generated code.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A Cross-Site Scripting (XSS) vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is rendered directly into the DOM, leading to arbitrary JavaScript execution in the victim's browser session. This affects Kimi AI version v1.0 [2].
Exploitation
An attacker can exploit this vulnerability by prompting the AI to generate code that includes malicious HTML/JavaScript payloads. The AI then embeds these payloads within the generated code. When a victim views this generated code in the 'Preview' tab, the unsanitized payload is rendered and executed in their browser. The attacker needs to trick the victim into viewing the AI-generated code in the 'Preview' tab [2].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the victim's browser session. This can lead to various malicious actions, such as stealing sensitive information like cookies or performing unauthorized actions on behalf of the victim, depending on the payload used [2].
Mitigation
Kimi AI version v1.0 is affected. Information regarding a fixed version or a release date for a patch is not yet available in the provided references. No workarounds are disclosed at this time [2].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2 listed (+1 more)
- (no CPE)
- (no CPE)
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model."
Attack vector
An attacker can prompt the AI to generate code that includes malicious JavaScript payloads. When a user views this generated code in the 'Preview' tab, the application renders the payload directly into the DOM without proper sanitization. This leads to arbitrary JavaScript execution within the victim's browser session [ref_id=1]. The attack can be initiated by providing a specific prompt, such as requesting an XSS scanner tool with embedded payloads [ref_id=1].
Affected code
The vulnerability resides within the 'Preview' tab of the Kimi AI v1.0 web interface, specifically in the component responsible for rendering AI-generated code. The application fails to properly sanitize or encode HTML/JavaScript payloads before displaying them [ref_id=1].
What the fix does
The advisory does not specify a patch or provide details on how the vulnerability is fixed. Remediation guidance would typically involve implementing robust input sanitization and output encoding mechanisms to prevent the rendering of malicious scripts.
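The mechanics and remediation paragraphs above describe the bug only in prose. The following is an added example, not Kimi's code and not taken from the advisory: it shows the rendering pattern the root-cause section describes (generated markup parsed straight into the host document) next to a hardened preview that runs AI-generated HTML inside an opaque-origin sandboxed iframe with a baked-in CSP, plus a check that refuses sandbox values which would hand the frame the host origin. The container and attribute names are assumptions; the browser behaviour relied on (an iframe sandbox without `allow-same-origin` yields an opaque origin) is standard HTML.

```javascript
// Added example (not Kimi's code): the vulnerable rendering pattern beside a
// hardened preview that runs AI-generated HTML in an opaque-origin sandbox.
// Function and container names are assumptions made for this illustration.

// sandbox tokens that would give the frame the embedding page's origin or let
// it navigate the top-level page; a preview of untrusted code must never grant these.
const FORBIDDEN_SANDBOX_TOKENS = new Set([
  'allow-same-origin',
  'allow-top-navigation',
  'allow-top-navigation-by-user-activation',
]);

// CSP written into the preview document itself: the generated app may run its
// inline script and styles, but gets no network access, no plugins, no frames.
const PREVIEW_CSP =
  "default-src 'none'; script-src 'unsafe-inline'; style-src 'unsafe-inline'; img-src data:";

// Escape text for places where AI output is shown rather than run (the code tab
// when it is server-rendered).
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Prepend the CSP meta tag so it is in force before any generated markup is parsed.
function buildPreviewDocument(generatedHtml) {
  return `<meta http-equiv="Content-Security-Policy" content="${PREVIEW_CSP}">` + generatedHtml;
}

// Reject any sandbox value that would let the preview escape isolation.
// Returns the token list when the value is acceptable.
function assertSandboxIsIsolated(sandboxValue) {
  const tokens = sandboxValue.trim().split(/\s+/).filter(Boolean);
  const granted = tokens.filter((t) => FORBIDDEN_SANDBOX_TOKENS.has(t));
  if (granted.length > 0) {
    throw new Error(
      `preview sandbox grants ${granted.join(', ')}; generated code would run in the host origin`,
    );
  }
  return tokens;
}

// Attributes for the preview iframe. Without allow-same-origin the frame has an
// opaque origin: script inside it cannot read the host DOM, cookies or storage,
// so the victim's session is out of reach even though the generated app runs.
function previewFrameAttributes(generatedHtml) {
  const attrs = {
    sandbox: 'allow-scripts allow-forms',
    srcdoc: buildPreviewDocument(generatedHtml),
    referrerpolicy: 'no-referrer',
  };
  assertSandboxIsIsolated(attrs.sandbox);
  return attrs;
}

// Vulnerable pattern (kept for contrast): generated markup is parsed into the
// host document, so any event-handler attribute it carries executes with the
// victim's origin and session. This is the behaviour the advisory describes.
function renderPreviewUnsafe(container, generatedHtml) {
  container.innerHTML = generatedHtml;
}

// Hardened pattern: mount the generated app in a sandboxed iframe instead.
function renderPreviewSandboxed(container, generatedHtml) {
  const frame = container.ownerDocument.createElement('iframe');
  for (const [name, value] of Object.entries(previewFrameAttributes(generatedHtml))) {
    frame.setAttribute(name, value);
  }
  container.replaceChildren(frame);
  return frame;
}

// The code tab shows output as text; textContent never parses markup.
function renderCodeTab(container, generatedCode) {
  container.textContent = generatedCode;
}
```

The sandbox isolates the session, it does not sanitize: the framed app can still draw a convincing fake login form, and if the host page listens for `postMessage` from the preview it must validate the message origin and shape before acting on it. `allow-popups` is deliberately left out so the preview cannot open windows that escape the CSP.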
Preconditions
- Auth: User must be logged into the Kimi AI web platform.
- Input: The attacker must prompt the AI to generate code containing malicious JavaScript payloads.
Reproduction
1. Log in to the Kimi AI web platform.
2. Provide a prompt requesting the creation of a tool (like an XSStrike clone) containing scanner code.
3. Wait for the AI model to fully generate the code response.
4. Click on the 'Preview' tab in the chat interface to view the rendered application.
5. The application fails to filter the JavaScript context within the preview container, triggering immediate execution of the script in the victim's browser [ref_id=1].
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
News mentions
No linked articles in our index yet.