CVE-2026-28509

Publication date

2026-03-06 04:16:58

Family

GitHub_M

State

PUBLISHED

Description

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7.