CVE-2026-11436
MediumCVSS 4.3Summary
A vulnerability was detected in Mage AI up to version 0.9.79, affecting the function useMutation in the file mage_ai/frontend/components/Sessions/SignForm/index.tsx. Manipulating the argument query.redirect_url leads to a cross-site scripting attack.
Risk Assessment
Remote exploitation of this vulnerability is possible, posing a risk to the application's security and user data. The public disclosure of the exploit increases the likelihood of attacks.
Recommendation
It is recommended to update Mage AI to the latest version to eliminate this vulnerability. A security audit of the application should also be conducted to identify potential threats.
Original NVD description (English source)
A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performing a manipulation of the argument query.redirect_url results in cross site scripting. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

