A vulnerability classified as problematic has been found in assafelovic gpt-researcher up to 3.4.3. It affects an unknown function in the file gpt_researcher/skills/researcher.py of the WebSocket Interface component. Manipulating the argument task can lead to cross-site scripting.

This vulnerability is tracked as CVE-2026-5625. The attack can be launched remotely, and an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.