A vulnerability classified as problematic has been discovered in kortix-ai suna up to 0.8.38. It affects the function router.replace/router.push in the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint. Manipulating the argument returnURL can lead to cross-site scripting.
This vulnerability is tracked as CVE-2026-12811. The attack can be launched remotely, and an exploit is available.
It is advisable to upgrade the affected component.
The researcher explains: “The issue was fixed in v0.8.39 without notifying the wider user base via a security disclosure.”
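
One way to constrain a returnURL-style parameter before it reaches router.push or router.replace, given here as an added example; it is not the project's code and not the v0.8.39 fix. The names safeReturnPath, FALLBACK_PATH and APP_ORIGIN, and all sample inputs, are assumptions constructed for illustration.

```typescript
// Added example: accept only same-origin, path-only return targets.
// All names and values below are hypothetical, not taken from the suna code base.

const FALLBACK_PATH = "/dashboard";            // assumed default landing page
const APP_ORIGIN = "https://app.example.test"; // constructed origin, used only for resolution

function safeReturnPath(raw: string | null | undefined): string {
  if (!raw) return FALLBACK_PATH;

  // Control characters are stripped by URL parsers and backslashes are read
  // as "/" by browsers, so either could turn "/x" into "//host". Reject both.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK_PATH;

  // Must be an absolute path on this site: one leading "/", never "//"
  // (protocol-relative) and never a value that carries its own scheme.
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK_PATH;

  let url: URL;
  try {
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return FALLBACK_PATH;
  }

  // Second check after normalisation: the resolved target must stay on our origin.
  if (url.origin !== APP_ORIGIN) return FALLBACK_PATH;

  // Hand the router only path + query + fragment, never the raw input.
  return url.pathname + url.search + url.hash;
}

// Constructed sample inputs showing what is kept and what falls back.
const SAMPLES: Array<string | null> = [
  "/projects/42?tab=files#top", // kept
  "javascript:void(0)",         // scheme value, not a path
  "https://other.example/",     // absolute URL to another origin
  "//other.example/x",          // protocol-relative
  "/\\other.example",           // backslash variant
  null,                         // parameter missing
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", safeReturnPath(s));
}
```

The call site then passes safeReturnPath(value) to the router instead of the query-string value itself.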