Junyan Chin

1 exploit Active since Mar 2026
CVE-2026-28509 WRITEUP MEDIUM WRITEUP
langbot < 4.8.7 - Cross-Site Scripting via rehypeRaw HTML Rendering
LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7.
CVSS 6.3