QwikSec

Security Database

CVE

CWE

Training

CVE-2025-56526

Published: Nov 18, 2025

Modified: Nov 19, 2025

PUBLISHED

Description

Cross site scripting (XSS) vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Cinnamon/kotaemon/commit/37cdc28

https://github.com/Cinnamon/kotaemon

https://skinny-exoplanet-584.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-22cd1563bd3380458588eb49f361a363

https://github.com/HanTul/Kotaemon-CVE-2025-56526-56527-disclosure

https://harvest-sink-590.notion.site/Stored-XSS-via-Unsanitized-PDF-Content-Rendering-and-Plaintext-Credential-Exposure-in-LocalStorage-236770c3fe1e80f6a1aef381fb1c8f73

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.