CVE-2026-23516: CWE-83: Improper Neutralization of Script in Attributes in a Web Page in cvat-ai cvat
CVE-2026-23516 is a high-severity cross-site scripting (XSS) vulnerability in the CVAT open-source annotation tool versions 2.2.0 through 2.54.0. An attacker can execute arbitrary JavaScript in a victim user's session by crafting malicious labels or SVG images, which the victim must view or edit. This allows temporary access to all CVAT resources accessible by the victim. The vulnerability is fixed in version 2.55.0.
AI Analysis
Technical Summary
CVE-2026-23516 is a cross-site scripting (XSS) vulnerability classified under CWE-83, affecting the CVAT (Computer Vision Annotation Tool) open-source software versions 2.2.0 through 2.54.0. CVAT is widely used for interactive video and image annotation in computer vision projects. The vulnerability arises from improper neutralization of script in HTML attributes within the web interface. An attacker can exploit this by creating a maliciously crafted label within a CVAT task or project or by uploading a malicious SVG image when configuring a skeleton. When a victim user views or edits the malicious label or views a shape linked to it, or uploads the crafted SVG, the attacker's JavaScript executes in the victim's browser context. This leads to temporary access to all CVAT resources available to the victim user, potentially exposing sensitive annotation data or allowing further malicious actions within the CVAT environment. The attack requires user interaction (viewing or editing the malicious content) but does not require prior authentication or elevated privileges, increasing the attack surface. The vulnerability was assigned CVSS version 4.0 with a score of 8.6, indicating a high severity due to network attack vector, low complexity, no privileges required, but requiring user interaction, and causing high confidentiality and integrity impacts. No known exploits in the wild have been reported as of the publication date (January 21, 2026). The issue is resolved in CVAT version 2.55.0, which presumably includes proper input sanitization and output encoding to neutralize script injection in attributes.
Potential Impact
For European organizations, especially those engaged in AI research, computer vision, and data annotation, this vulnerability poses a significant risk. Exploitation can lead to unauthorized access to sensitive annotation data, manipulation of labeling tasks, and potential lateral movement within the CVAT environment. Since CVAT is often used in collaborative settings, a successful attack could compromise multiple users' data and workflows. The temporary access granted to attackers could result in data leakage, integrity violations of annotation projects, and disruption of AI model training pipelines. Given the increasing reliance on AI and machine learning in Europe, such a compromise could affect research integrity, intellectual property, and operational continuity. Additionally, organizations subject to GDPR must consider the data protection implications of unauthorized data access. The requirement for user interaction somewhat limits automated exploitation but does not eliminate risk, especially in environments with many users and frequent collaboration.
Mitigation Recommendations
The primary and most effective mitigation is to upgrade all CVAT instances to version 2.55.0 or later, where the vulnerability is fixed. Until upgrading is possible, organizations should implement strict input validation and sanitization on all user-supplied labels and SVG uploads to prevent script injection. Restricting SVG uploads or disabling skeleton configuration features temporarily can reduce risk. Educate users to be cautious when editing or viewing labels and shapes, especially those created by untrusted sources. Employ Content Security Policy (CSP) headers to limit the impact of potential script execution. Monitor CVAT logs for unusual activity and consider network segmentation to limit the exposure of CVAT servers. Regularly audit user permissions to minimize the number of users who can create or edit labels and upload SVGs. Finally, incorporate vulnerability scanning and penetration testing focused on web application security to detect similar issues proactively.
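The mitigations above name two defensive controls that the page does not show in code: attribute-context encoding for label names (the CWE-83 sink) and sanitization of uploaded skeleton SVGs. The Python below is added here to illustrate both with the standard library only; it is not CVAT's code and does not reproduce the 2.55.0 fix, which the page does not describe. The sample SVG, the allowed URL schemes and the forbidden element set are constructed assumptions for a static skeleton sprite.

```python
import html
import xml.etree.ElementTree as ET
SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)        # keep serialized output readable
ET.register_namespace("xlink", XLINK_NS)

# Script-capable or attribute-rewriting (SMIL) elements; a static skeleton needs none.
FORBIDDEN_TAGS = {"script", "foreignObject", "iframe", "embed", "object", "set", "animate"}
URL_ATTRS = {"href", "src"}  # matched on local name, so xlink:href is covered too

def escape_label_for_attribute(label: str) -> str:
    """Encode a label name for an HTML attribute value at render time. quote=True also
    encodes " and ', so the label cannot close the attribute and inject another one."""
    return html.escape(label, quote=True)

def local_name(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]

def url_allowed(value: str) -> bool:
    """Allowlist: same-document refs and http(s) only. Whitespace is removed first
    because browsers still treat 'java\\nscript:' as the javascript: scheme."""
    v = "".join(value.split()).lower()
    return v.startswith(("#", "http://", "https://"))

def sanitize_svg(svg_text: str) -> str:
    """Strip script-capable elements and attributes from an uploaded SVG. Assumption:
    production parses untrusted uploads with defusedxml to also block entity expansion."""
    root = ET.fromstring(svg_text)
    for parent in list(root.iter()):        # snapshot: the tree is mutated below
        for child in list(parent):
            if local_name(child.tag) in FORBIDDEN_TAGS:
                parent.remove(child)
    for elem in root.iter():
        for attr in list(elem.attrib):
            name = local_name(attr).lower()
            if name.startswith("on"):       # event handlers: onload, onclick, onbegin, ...
                del elem.attrib[attr]
            elif name in URL_ATTRS and not url_allowed(elem.attrib[attr]):
                del elem.attrib[attr]
    return ET.tostring(root, encoding="unicode")

# Constructed sample: event handler, script element and javascript: link beside legitimate shapes.
SAMPLE_SVG = (
    f'<svg xmlns="{SVG_NS}" xmlns:xlink="{XLINK_NS}" onload="x()" viewBox="0 0 10 10">'
    '<script>x()</script><a xlink:href="javascript:x()"><circle r="5"/></a>'
    '<use href="#joint"/></svg>'
)
```

Run `sanitize_svg` on the upload path before the file is stored, and apply `escape_label_for_attribute` wherever a label name lands inside an attribute value; neither replaces a CSP header, which stays the backstop if a sink is missed.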
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Switzerland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-13T18:22:43.979Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69714a404623b1157ceef883
Added to database: 1/21/2026, 9:50:56 PM
Last enriched: 1/21/2026, 10:05:14 PM
Last updated: 1/21/2026, 11:01:00 PM