CVE-2026-22033

5.4 MEDIUM

📋 TL;DR

A stored (persistent) cross-site scripting vulnerability in Label Studio's custom_hotkeys functionality lets an authenticated attacker save JavaScript that later runs in the browser of every user who loads the stored value. Because the script executes inside the victim's logged-in session, it can read the victim's API token or reset it, leading to account takeover and unauthorized API access. Label Studio 1.22.0 and earlier are affected; the fix shipped in 1.22.1.

💻 Affected Systems

Products:
  • Label Studio
Versions: 1.22.0 and earlier
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires an authenticated account, used either directly by the attacker or indirectly by tricking an existing user or admin into saving attacker-supplied custom_hotkeys.

📦 What is this software?

Label Studio is an open-source data labeling platform from HumanSignal, used to annotate text, images, audio, video and time-series data for machine-learning training sets. It is a Django application with a React front end and a REST API; every user holds a personal API token, which is why script running in a logged-in user's browser can read or reset that token.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete account takeover of any user who loads the injected payload, including administrators, followed by unauthorized API access with the victim's token, exfiltration of the data the victim can reach, and privilege escalation within the Label Studio instance.

🟠 Likely Case

The attacker's script reads or resets the API tokens of users who view the injected custom_hotkeys, giving the attacker access to their accounts and data and the ability to perform actions on their behalf.

🟢 If Mitigated

Limited impact once the vendor fix (1.22.1 or later) is applied, or once a Content Security Policy without 'unsafe-inline' in script-src is enforced: the payload may still be stored, but it cannot execute in victims' browsers.

🌐 Internet-Facing: HIGH - If Label Studio is exposed to the internet, attackers can target any user who visits the application.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts can still exploit this vulnerability against other users within the organization.

🎯 Exploit Status

Public PoC: No
Weaponized: Likely (no public PoC is known, but the payload is an ordinary stored XSS string)
Unauthenticated Exploit: No
Complexity: LOW

Exploitation requires an authenticated account, but once the attacker can store JavaScript in custom_hotkeys nothing further is needed beyond a victim loading the page that renders it.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.22.1 or later

Vendor Advisory: https://github.com/HumanSignal/label-studio/security/advisories/GHSA-2mq9-hm29-8qch

Restart Required: Yes

Instructions:

1. Upgrade Label Studio to 1.22.1 or later; this release contains the fix commit ea2462bf042bbf370b79445d02a205fbe547b505. If you build from source and cannot move to the release, backport that commit instead.
2. Restart the Label Studio service (or pull and redeploy the patched container image) so the patched code is actually loaded.
3. After patching, review custom_hotkeys values stored before the upgrade for injected markup, and rotate the API tokens of users who may have loaded a payload; patching does not undo a token that was already read.

🔧 Temporary Workarounds

Disable custom_hotkeys functionality (applies to: all affected versions)

Temporarily disable the custom_hotkeys feature so that attacker-controlled values are neither stored nor rendered. The advisory does not name a configuration switch for this, so check your deployment's settings; if none exists, the fallback is to block writes to the endpoint that stores custom_hotkeys at your reverse proxy until you can patch. Disabling the feature does not remove payloads already stored, so review existing values as well.

Implement Content Security Policy (CSP) (applies to: all affected versions)

Serve a Content-Security-Policy header that forbids inline script, for example: Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'. A stored XSS payload in custom_hotkeys executes as inline script, as an inline event handler, or as a script loaded from an attacker host, and a script-src without 'unsafe-inline' and without the attacker's origin stops all three even though the injected markup is still delivered to the browser. Caveat: Label Studio's front end may depend on inline scripts or styles, so deploy the policy as Content-Security-Policy-Report-Only first, check the violation reports, and only then enforce it; a policy that keeps 'unsafe-inline' in script-src provides no protection against this issue.

🧯 If You Can't Patch

  • Restrict access to Label Studio to trusted users only and implement network segmentation.
  • Monitor custom_hotkeys updates and API token access patterns for the indicators listed under Detection & Monitoring, and rotate the tokens of any user who appears to have been exposed.

🔍 How to Verify

Check if Vulnerable:

Check the Label Studio version: 1.22.0 or earlier is vulnerable. Independently of the version, review stored custom_hotkeys values for HTML tags, javascript: URIs or on*= event-handler attributes; a payload stored before the upgrade is evidence of an attempted or successful attack and should be removed.

Check Version:

Check the Label Studio interface, or run python -c "import label_studio; print(label_studio.__version__)" (or pip show label-studio) in the environment where Label Studio is installed.

Verify Fix Applied:

Confirm the running version is 1.22.1 or later. If you backported the fix instead, confirm that commit ea2462bf042bbf370b79445d02a205fbe547b505 is contained in the deployed branch (for example with git branch --contains ea2462bf042bbf370b79445d02a205fbe547b505 in your checkout), and confirm the service was restarted after the update.
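The two checks above, version comparison and scanning stored custom_hotkeys values for markup, as an added example. This is not Label Studio's own code, and the advisory does not document the custom_hotkeys schema, so the scanner walks arbitrary JSON; the allowlist for a legitimate binding (plus-joined key names such as ctrl+shift+s) and the sample export are assumptions to adjust for your deployment.

```python
import json
import re
from typing import Iterator, List, Tuple

# Added example, not Label Studio code. The fixed version comes from the advisory.
FIXED_VERSION = (1, 22, 1)

# Assumed shape of a legitimate binding: key names joined by '+', e.g. "ctrl+shift+s".
HOTKEY_RE = re.compile(r"^[a-z0-9]+(?:\+[a-z0-9]+)*$", re.IGNORECASE)

# Markup that has no place in a key binding: tags, javascript: URIs,
# on*= event handlers, HTML entities and JSON-escaped angle brackets.
INJECTION_RE = re.compile(
    r"<\s*/?\s*[a-z]|javascript\s*:|\bon[a-z]+\s*=|&#x?[0-9a-f]+;|\\u003c",
    re.IGNORECASE,
)

# Constructed sample export (assumed schema): action name -> binding.
SAMPLE_HOTKEYS = json.dumps({
    "annotation:submit": {"key": "ctrl+enter", "active": True},
    "annotation:skip": {"key": "ctrl+space", "active": True},
    "region:delete": {"key": "<img src=x onerror=fetch('/api/current-user/token')>", "active": True},
})


def parse_version(version: str) -> Tuple[int, ...]:
    """'1.22.0' -> (1, 22, 0); a trailing suffix such as '1.22.0rc1' is ignored."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable_version(version: str) -> bool:
    """True for 1.22.0 and earlier, per the advisory."""
    return parse_version(version) < FIXED_VERSION


def _string_leaves(node, path: str = "$") -> Iterator[Tuple[str, str]]:
    """Yield (json_path, value) for every string leaf in a JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _string_leaves(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _string_leaves(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def audit_hotkeys(raw_json: str) -> List[Tuple[str, str, str]]:
    """Return (json_path, value, reason) findings; an empty list means clean."""
    findings = []
    for path, value in _string_leaves(json.loads(raw_json)):
        if INJECTION_RE.search(value):
            findings.append((path, value, "injection marker"))
        elif not HOTKEY_RE.match(value):
            findings.append((path, value, "outside hotkey allowlist"))
    return findings


if __name__ == "__main__":
    for v in ("1.21.3", "1.22.0", "1.22.1"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed")
    for path, value, reason in audit_hotkeys(SAMPLE_HOTKEYS):
        print(f"{reason}: {path} = {value!r}")
```

Export each user's custom_hotkeys value (from the database or the user API) and pass the JSON text to audit_hotkeys. Treat any "injection marker" finding as an attack and remove the value; "outside hotkey allowlist" findings only need a manual look, since the allowlist is deliberately strict.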

📡 Detection & Monitoring

Log Indicators:

  • Unusual custom_hotkeys updates, especially by accounts that rarely change settings, or updates whose values contain markup
  • API token reads or resets from unexpected sources, or many users reading or resetting tokens within a short window
  • Request bodies or stored custom_hotkeys values containing HTML tags, javascript: URIs, or on*= event-handler attributes

Network Indicators:

  • Requests to the /api/current-user/token endpoint (and token-reset requests) issued by the browser immediately after a page load, rather than by a user visiting the account settings page where the token is normally shown
  • Unexpected API calls following page loads, in particular a burst of token requests from many different users shortly after one user changed custom_hotkeys

SIEM Query:

Correlate custom_hotkeys modification events with API token read or reset requests that follow within a short window (for example 30 minutes), and alert when the token requests come from users other than the one who changed the hotkeys. A single user editing their own hotkeys and then viewing their own token is normal; several other users' sessions hitting the token endpoint right after one user's hotkeys change is the signature of a stored payload being executed.
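The correlation described above, as an added example run over constructed JSON log lines. This is not Label Studio's own code or log format: the fields ts, user, ip, method, path and fields (the list of changed columns on a profile update) are assumed, and /api/current-user/reset-token is an assumed reset endpoint alongside the /api/current-user/token endpoint named in this page. The rule anchors on each custom_hotkeys write and collects token reads or resets by other users inside the window.

```python
import json
from datetime import datetime, timedelta
from typing import Dict, List

# Added example, not Label Studio code. /api/current-user/token is the endpoint
# named in the advisory; the reset-token path is an assumption.
TOKEN_PATHS = {"/api/current-user/token", "/api/current-user/reset-token"}

# Constructed JSON-lines log (assumed fields): alice writes custom_hotkeys, then
# bob's and carol's sessions hit the token endpoints minutes later. alice reading
# her own token and dave reading his hours later are benign.
SAMPLE_LOG = """\
{"ts":"2026-01-10T09:00:00Z","user":"alice","ip":"10.0.0.5","method":"PATCH","path":"/api/users/7","fields":["custom_hotkeys"]}
{"ts":"2026-01-10T09:00:40Z","user":"bob","ip":"10.0.0.9","method":"GET","path":"/projects/3"}
{"ts":"2026-01-10T09:00:41Z","user":"bob","ip":"10.0.0.9","method":"GET","path":"/api/current-user/token"}
{"ts":"2026-01-10T09:03:12Z","user":"carol","ip":"10.0.0.12","method":"POST","path":"/api/current-user/reset-token"}
{"ts":"2026-01-10T09:05:00Z","user":"alice","ip":"10.0.0.5","method":"GET","path":"/api/current-user/token"}
{"ts":"2026-01-10T12:00:00Z","user":"dave","ip":"10.0.0.20","method":"GET","path":"/api/current-user/token"}
"""


def parse_log(text: str) -> List[Dict]:
    """Parse JSON lines into events sorted by timezone-aware timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def is_hotkeys_write(event: Dict) -> bool:
    """A profile update whose changed-field list names custom_hotkeys."""
    return event["method"] in {"PATCH", "PUT", "POST"} and "custom_hotkeys" in event.get("fields", [])


def correlate(events: List[Dict], window_minutes: int = 30) -> List[Dict]:
    """
    For each custom_hotkeys write, collect token reads/resets by *other* users
    within window_minutes. The writer's own token requests are excluded: editing
    your hotkeys and then viewing your own token is normal; other users' browsers
    fetching tokens right after your edit is the XSS pattern.
    """
    window = timedelta(minutes=window_minutes)
    alerts = []
    for write in events:
        if not is_hotkeys_write(write):
            continue
        victims = [
            (e["user"], e["method"], e["path"])
            for e in events
            if e["path"] in TOKEN_PATHS
            and e["user"] != write["user"]
            and write["ts"] <= e["ts"] <= write["ts"] + window
        ]
        if victims:
            alerts.append({
                "writer": write["user"],
                "written_at": write["ts"].isoformat(),
                "victims": victims,
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(parse_log(SAMPLE_LOG)):
        print(f"ALERT: {alert['writer']} changed custom_hotkeys at {alert['written_at']}; "
              f"token requests by other users followed: {alert['victims']}")
```

On the sample, the rule raises one alert naming alice as the writer and bob and carol as affected sessions; alice's own token read and dave's request three hours later are ignored. Adapt the parser to your actual access or audit log, and keep the window short enough that ordinary token use by unrelated users does not drown the signal.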

🔗 References

  • Vendor advisory: https://github.com/HumanSignal/label-studio/security/advisories/GHSA-2mq9-hm29-8qch
  • Fix commit: https://github.com/HumanSignal/label-studio/commit/ea2462bf042bbf370b79445d02a205fbe547b505
