Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.3
LangBot Web UI allows malicious code to be injected
CVE-2026-28509
Summary
LangBot's web interface may allow an attacker to inject malicious code into a user's session. This could potentially allow an attacker to steal sensitive information or take control of a user's account. Update to version 4.8.7 or later to fix this issue.
Original title
LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulner...
Original description
LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7.
nvd CVSS3.1
6.3
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 6 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026