CVE-2026-33664
Published: 26 March 2026
Summary
CVE-2026-33664 is a high-severity Cross-site Scripting (CWE-79) vulnerability in the Kestra orchestration platform (vendor: Kestra). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique JavaScript (T1059.007). The CVE ranks at the 19.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-15 (Information Output Filtering) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-33664 is a cross-site scripting (XSS) vulnerability (CWE-79) affecting Kestra, an open-source event-driven orchestration platform, in versions up to and including 1.3.3. The issue arises because user-supplied flow YAML metadata fields—specifically description, inputs[].displayName, and inputs[].description—are rendered through the Markdown.vue component with html: true enabled. The resulting HTML is then injected into the DOM using Vue's v-html directive without any sanitization, allowing malicious payloads to be executed.
A flow author with low privileges (PR:L) can exploit this by embedding arbitrary JavaScript in the affected YAML fields. When any user views or interacts with the flow in their browser, the JavaScript executes in that user's context. Exploitation requires low attack complexity over the network (AV:N/AC:L/UI:R) but some user interaction, with potential for high confidentiality and integrity impacts (C:H/I:H). Notably, inputs[].displayName enables zero-click execution upon viewing.
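As an added example (not Kestra's own code), a defender-side check and hardening step in plain JavaScript for the fields the advisory names: `findRawHtml` lints a parsed flow for raw HTML in the Markdown-rendered metadata fields, and `sanitizeFlowMetadata` escapes them, which is the effect of rendering with html: false. The flow object, the field paths and the function names are constructed for illustration; the YAML parser and the Markdown renderer are assumed to sit outside this snippet.

```javascript
// Added example, not Kestra's own code; assumes the flow YAML is already parsed.
// Gather the metadata fields that Markdown.vue renders with html: true.
function collectRenderedFields(flow) {
  const fields = [];
  if (typeof flow.description === "string") {
    fields.push({ path: "description", value: flow.description });
  }
  (flow.inputs ?? []).forEach((input, i) => {
    for (const key of ["displayName", "description"]) {
      if (typeof input[key] === "string") {
        fields.push({ path: `inputs[${i}].${key}`, value: input[key] });
      }
    }
  });
  return fields;
}
// A raw HTML tag in any rendered field reaches v-html unescaped on an unpatched
// instance; return the offending paths so a review or CI lint can flag them.
const RAW_HTML_TAG = /<\/?[a-z][^>]*>/i;
function findRawHtml(flow) {
  return collectRenderedFields(flow)
    .filter((f) => RAW_HTML_TAG.test(f.value))
    .map((f) => f.path);
}
// Escape HTML metacharacters so the renderer only ever sees text (the effect of
// html: false); Markdown syntax such as **bold** still works after escaping.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}
// Return a copy of the flow with every rendered metadata field escaped.
function sanitizeFlowMetadata(flow) {
  const copy = { ...flow, inputs: (flow.inputs ?? []).map((input) => ({ ...input })) };
  if (typeof copy.description === "string") copy.description = escapeHtml(copy.description);
  for (const input of copy.inputs) {
    for (const key of ["displayName", "description"]) {
      if (typeof input[key] === "string") input[key] = escapeHtml(input[key]);
    }
  }
  return copy;
}
// Constructed sample flow: one input carries a script tag in displayName.
const sampleFlow = {
  id: "demo",
  description: "Runs the **nightly** export",
  inputs: [
    { id: "target", type: "STRING", displayName: "<script>probe()</script>" },
    { id: "dryRun", type: "BOOLEAN", description: "Skip writes when true" },
  ],
};
console.log(findRawHtml(sampleFlow)); // → [ 'inputs[0].displayName' ]
```

Running the lint at flow-save time, or over an exported flow repository, gives a way to spot metadata that would be rendered unsanitized on an unpatched 1.3.3 instance.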
The GitHub security advisory (GHSA-v2mc-8q95-g7hp) details the vulnerability, distinguishing it from CVE-2026-29082/GHSA-r36c-83hm-pc8j, which affects different components (FilePreview.vue) and data sources with higher interaction requirements. As of publication, it remains unclear if a patch is available for this issue.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-16430
Vulnerability details
Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields (description, inputs[].displayName, inputs[].description) through the Markdown.vue component instantiated with html: true. The resulting HTML is injected into the DOM via Vue's v-html without any sanitization. This allows a flow author to embed arbitrary JavaScript that executes in the browser of any user who views or interacts with the flow. This is distinct from GHSA-r36c-83hm-pc8j / CVE-2026-29082, which covers only FilePreview.vue rendering .md files from execution outputs. The present finding affects different components, different data sources, and requires significantly less user interaction (zero-click for input.displayName). As of time of publication, it is unclear if a patch is available.
- CWE(s): CWE-79 (Cross-site Scripting)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored XSS in shared flow YAML metadata directly enables tainting of content viewed by other users (T1080), arbitrary JavaScript execution in the browser (T1059.007), and session hijacking via stolen tokens/cookies (T1185).
Mitigating Controls (NIST 800-53 r5)
- SI-15 (Information Output Filtering): directly mitigates XSS by requiring filtering or sanitization of user-supplied YAML metadata before rendering via v-html in the browser DOM.
- Input validation: validates inputs in flow YAML metadata fields such as description and inputs[].displayName to reject or escape malicious HTML/JavaScript payloads.
- SI-2 (Flaw Remediation): remediates the flaw in Markdown.vue by applying patches or fixes to disable unsafe html: true rendering and enforce sanitization.