CVE-2026-39416

UNKNOWN 0.0

Stored XSS in modal item preview for long item content in AIL Framework

CVSS Score

0.0

EPSS Score

0.1%

EPSS Percentile

22th

AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting (XSS) vulnerability was identified in the modal item preview functionality. When item content longer than 800 characters was processed, attacker-controlled content was returned without an explicit text/plain content type, allowing the browser to interpret the response as active HTML. This could result in execution of arbitrary JavaScript in the context of an authenticated user viewing a crafted item. This vulnerability is fixed in 6.8.

CWE	CWE-79
Vendor	ail-project
Product	ail-framework
Published	Apr 8, 2026
Last Updated	Apr 9, 2026

Stay Ahead of the Next One

Get instant alerts for ail-project ail-framework

Be the first to know when new unknown vulnerabilities affecting ail-project ail-framework are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ail-project / ail-framework

< 6.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/ail-project/ail-framework/security/advisories/GHSA-fj6v-43r7-gcjm vulnerability.circl.lu: https://vulnerability.circl.lu/vuln/gcve-1-2026-0023