Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0379

NIXPKGS-2026-0379
published on
Permalink CVE-2026-27627
8.2 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated 3 months ago by @LeSuisse Activity log
  • Created suggestion 3 months ago
  • @LeSuisse accepted 3 months ago
  • @LeSuisse published on GitHub 3 months ago
Karakeep's Reddit plugin content bypasses DOMPurify sanitization, enabling stored XSS

Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns `readableContentHtml`, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify, but the Reddit path skips both. Since this content ends up in `dangerouslySetInnerHTML` in the reader view, any malicious HTML in the Reddit response gets executed in the user's browser. Version 0.31.0 contains a patch for this issue.

Affected products

karakeep
  • === 0.30.0

Matching in nixpkgs

pkgs.karakeep

Self-hostable bookmark-everything app (links, notes and images) with AI-based automatic tagging and full text search

Package maintainers

Upstream advisory: https://github.com/karakeep-app/karakeep/security/advisories/GHSA-mg93-f9mw-wpgj
Upstream patch: https://github.com/karakeep-app/karakeep/commit/ba3db953c0d8675e2e3ecc29113a332b570b2cb9