CVE-2026-22033
Label Studio is a multi-type data labeling and annotation tool. In versions 1.22.0 and earlier, a persistent (stored) cross-site scripting (XSS) vulnerability exists in the custom_hotkeys functionality of the application. An authenticated attacker, or anyone who can trick a user or administrator into updating their custom_hotkeys, can inject JavaScript that executes in other users' browsers whenever they load any page rendered from the templates/base.html template. Because the application exposes an API token endpoint (/api/current-user/token) to the browser and lacks robust CSRF protection on some API endpoints, the injected script can fetch the victim's API token or call the token reset endpoints, enabling full account takeover and unauthorized API access.
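The following is an added illustration of the bug class described above, not code from Label Studio or from its fix: a user-controlled settings object (here a hotkey map) serialized with plain json.dumps() and concatenated into an inline script in a page template, beside the hardened form that escapes the HTML-significant characters and embeds the data in an inert application/json block. The payload value, the hotkey grammar used by the audit check, and all function names are assumptions made for the example.

```python
import json
import re

# Constructed sample of a stored settings value of the kind this bug class
# relies on (not a real Label Studio payload): one hotkey "value" closes the
# surrounding <script> element and opens a new one.
PAYLOAD_HOTKEYS = {
    "submit": "</script><script>alert(document.cookie)</script>",
    "skip": "ctrl+s",
}

# Assumed hotkey grammar for the audit check: key names joined by '+'.
HOTKEY_RE = re.compile(r"[a-z0-9]+(\+[a-z0-9]+)*")


def render_unsafe(hotkeys: dict) -> str:
    """Vulnerable pattern: json.dumps() output pasted into an inline script.

    json.dumps leaves '<' and '>' untouched, so a value containing
    '</script>' ends the script block and the rest is parsed as live HTML.
    """
    return f"<script>window.HOTKEYS = {json.dumps(hotkeys)};</script>"


def json_for_script(value) -> str:
    """JSON that is safe to place inside a <script> element.

    The HTML-significant characters are replaced by their JSON backslash-u
    escapes, which JSON.parse decodes back but the HTML parser never sees.
    This is a standalone re-implementation of the idea behind Django's
    json_script filter, not Django's code.
    """
    out = json.dumps(value)
    for ch, esc in (("<", "\\u003C"), (">", "\\u003E"), ("&", "\\u0026")):
        out = out.replace(ch, esc)
    return out


def render_safe(hotkeys: dict) -> str:
    """Hardened pattern: the data goes in an inert application/json block that
    the client reads with JSON.parse(document.getElementById(...).textContent),
    so no user-controlled text is ever concatenated into executable JS."""
    return (
        '<script id="hotkeys-data" type="application/json">'
        + json_for_script(hotkeys)
        + "</script>"
    )


def script_breakout_possible(markup: str) -> bool:
    """Audit check on rendered output: a second '</script' means some
    embedded value terminated the script element early."""
    return markup.lower().count("</script") > 1


def roundtrip_ok(value) -> bool:
    """The escaped form must still decode to the original value."""
    return json.loads(json_for_script(value)) == value


def flag_suspicious_hotkeys(hotkeys: dict) -> list:
    """Audit check on stored data: keys whose value is not a plain key combo.
    Worth running over existing rows, because a stored payload keeps firing
    until the offending value itself is removed."""
    return [k for k, v in hotkeys.items() if not HOTKEY_RE.fullmatch(str(v))]


if __name__ == "__main__":
    print("unsafe breakout:", script_breakout_possible(render_unsafe(PAYLOAD_HOTKEYS)))
    print("safe breakout:  ", script_breakout_possible(render_safe(PAYLOAD_HOTKEYS)))
    print("suspicious keys:", flag_suspicious_hotkeys(PAYLOAD_HOTKEYS))
```

The escaping step matters more than the content type: even inside type="application/json", the HTML parser still ends the element at the first literal `</script`, which is why `<`, `>` and `&` are turned into JSON escapes before the string reaches the template.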
Risk Scores
- EPSS 0.01% · 2.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| HumanSignal | label-studio | <= 1.22.0 |
| humansignal | label_studio | 0 |
| PyPI | label-studio | 0 |
Timeline
- Dec 29, 2025 Fix PR Merged
- Jan 12, 2026 CVE Published
- Jan 12, 2026 PoC Published
- Jan 13, 16, 19, 22, 25, 28 and 31, 2026 EPSS Score updates
- Jan 24, 2026 PoC Published
- Jan 30, 2026 Security Advisory
References
- GitHub Security Advisory: https://github.com/HumanSignal/label-studio/security/advisories/GHSA-2mq9-hm29-8qch
- Fix PR: https://github.com/HumanSignal/label-studio/pull/9084
- Commit: https://github.com/HumanSignal/label-studio/commit/ea2462bf042bbf370b79445d02a205fbe547b505
- NVD advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-22033
- Package: https://github.com/HumanSignal/label-studio
- Nightly release: https://github.com/HumanSignal/label-studio/releases/tag/nightly