MEDIUM
Vulncheck
CVE published 2026-03-27
CVE-2026-32859
CVE-2026-32859 describes a stored cross-site scripting issue in ByteDance DeerFlow’s artifacts API. The vulnerability affects versions prior to commit 5dbb362, where malicious HTML or script content uploaded as an artifact can later execute in a viewer’s browser context. Because the payload is stored and triggered on view, the main risks are session compromise, credential theft, and unauthorized actions i [truncated]