CVE-2026-42558: Xibo CMS: Stored XSS + iframe sandbox escape via DataSet

HIGH
Published June 10, 2026
CISO Take

Xibo CMS prior to 4.4.2 contains a vulnerability chain combining stored XSS with an iframe sandbox escape through the Data Connector feature, allowing any user with DataSet permissions to execute arbitrary JavaScript in the authenticated sessions of other users, including administrators. The CVSS scope change (S:C) is the critical multiplier: a low-privileged content editor can break out of their authorization boundary and compromise administrator sessions, gaining full CMS control over all connected digital signage displays. The absence of a public exploit or KEV listing lowers the immediate urgency, but the low attack complexity and the persistent nature of stored XSS make this readily weaponizable by any insider with DataSet access. Organizations running Xibo, especially those feeding AI-generated or ML-processed data into DataSets, should upgrade to 4.4.2 immediately or, as an interim control, revoke the 'Add DataSet' and Data Connector privileges from untrusted accounts.

Sources: NVD, GitHub Advisory, ATLAS

What is the risk?

High risk for multi-tenant or multi-user Xibo deployments. The CVSS score of 7.6 reflects network exploitability with low complexity and minimal privileges required, but the scope change (S:C) is the critical differentiator: the attacker breaks out of their authorization boundary to affect administrators. The iframe sandbox escape elevates this beyond routine stored XSS, because standard CSP controls on DataSet iframes may be bypassed via the CWE-346 origin validation failure. The absence of a CISA KEV listing and of EPSS data suggests no observed active exploitation yet, but the low technical bar means any disgruntled insider or compromised low-privilege account is a credible threat actor.

How does the attack unfold?

Initial Access (AML.T0049)
Attacker with a low-privilege DataSet account crafts a malicious Data Connector payload targeting the iframe sandbox boundary in Xibo CMS.

Execution (AML.T0011)
Stored XSS payload escapes the iframe sandbox via origin validation bypass (CWE-346) when any authenticated user views a layout containing the malicious DataSet.

Credential Access (AML.T0106)
Malicious JavaScript silently exfiltrates administrator session tokens or CSRF tokens to an attacker-controlled endpoint without user awareness.

Impact (AML.T0048.001)
Adversary uses captured credentials to hijack the administrator session, gaining full CMS control to alter or poison content across all connected digital signage displays.

How severe is it?

CVSS 3.1
7.6 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
Moderate

What is the attack surface?

AV: Network
AC: Low
PR: Low
UI: Required
S: Changed
C: High
I: Low
A: None

What should I do?

  1. Upgrade Xibo CMS to version 4.4.2 immediately — this is the only complete remediation per the vendor advisory.

  2. If patching is delayed, revoke 'Add DataSet' and Data Connector privileges from all non-administrator accounts without delay.

  3. Audit all existing DataSet configurations for unexpected Data Connector entries or unfamiliar payload structures introduced by non-admin users.

  4. Review application access logs for anomalous DataSet creation or modification events, particularly from low-privilege accounts.

  5. Implement a strict Content Security Policy on the Xibo CMS origin with explicit script-src directives as a defense-in-depth measure.

  6. If Xibo instances are accessible from the internet, consider placing them behind a WAF with XSS detection rules as a temporary control.
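The following script is an added example for steps 3 to 5 above; it is not Xibo project code. It triages an audit log for DataSet and Data Connector changes made by non-administrator accounts, flags Data Connector configurations that reference hosts outside a deployment allowlist, and checks a Content-Security-Policy header value for an explicit, non-permissive script-src. The JSON-lines log schema (fields ts, user, role, action, object, detail), the role and action names, the host allowlist and the sample lines are all constructed assumptions; adapt them to the real log source before use.

```python
"""Triage helpers for the interim controls above.

Added example, not Xibo project code. The audit-log schema, role names,
action names, host allowlist and sample lines are constructed assumptions.
"""
from __future__ import annotations

import json
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Roles treated as administrative (assumption; Xibo's real role names may differ).
ADMIN_ROLES = {"admin", "super_admin"}

# Audit actions that touch DataSets or Data Connectors (assumed action names).
DATASET_ACTIONS = {"dataset.add", "dataset.edit", "dataconnector.add", "dataconnector.edit"}

# Hosts a Data Connector is expected to talk to in this deployment (assumption).
ALLOWED_CONNECTOR_HOSTS = {"metrics.example.internal"}

# Constructed sample audit-log lines in a JSON-lines layout of our own invention.
SAMPLE_LOG = """\
{"ts":"2026-06-11T08:02:11Z","user":"alice","role":"admin","action":"dataset.add","object":"DataSet#12","detail":{}}
{"ts":"2026-06-11T08:15:40Z","user":"bob","role":"content_editor","action":"dataset.add","object":"DataSet#13","detail":{}}
{"ts":"2026-06-11T08:16:02Z","user":"bob","role":"content_editor","action":"dataconnector.edit","object":"DataSet#13","detail":{"script_hosts":["https://metrics.example.internal","https://203.0.113.7"]}}
{"ts":"2026-06-11T09:00:00Z","user":"carol","role":"content_editor","action":"layout.edit","object":"Layout#4","detail":{}}
{"ts":"2026-06-11T09:30:12Z","user":"alice","role":"admin","action":"dataconnector.edit","object":"DataSet#12","detail":{"script_hosts":["https://metrics.example.internal"]}}
not json at all
"""


@dataclass
class Finding:
    user: str
    action: str
    obj: str
    reasons: list[str] = field(default_factory=list)


def parse_line(line: str) -> dict | None:
    """Return the parsed record, or None for blank, non-JSON or malformed lines."""
    line = line.strip()
    if not line:
        return None
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    return rec if isinstance(rec, dict) and "action" in rec else None


def find_suspicious(lines, admin_roles=ADMIN_ROLES, allowed_hosts=ALLOWED_CONNECTOR_HOSTS):
    """Steps 3 and 4: DataSet/Data Connector changes by non-admins, and connectors
    that reference hosts outside the allowlist (possible exfiltration endpoint)."""
    findings: list[Finding] = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["action"] not in DATASET_ACTIONS:
            continue
        reasons = []
        if rec.get("role") not in admin_roles:
            reasons.append(f"DataSet/Data Connector change by non-admin role '{rec.get('role')}'")
        for url in rec.get("detail", {}).get("script_hosts", []):
            host = urlparse(url).hostname or url
            if host not in allowed_hosts:
                reasons.append(f"Data Connector references non-allowlisted host {host}")
        if reasons:
            findings.append(Finding(rec.get("user", "?"), rec["action"], rec.get("object", "?"), reasons))
    return findings


def check_csp(header: str) -> list[str]:
    """Step 5: return problems with a Content-Security-Policy value (empty list = acceptable)."""
    directives: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    problems = []
    script_src = directives.get("script-src")
    if script_src is None:
        problems.append("script-src missing (falls back to default-src, or to nothing)")
    else:
        for bad in ("*", "'unsafe-inline'", "'unsafe-eval'", "data:"):
            if bad in script_src:
                problems.append(f"script-src allows {bad}")
    if "frame-ancestors" not in directives:
        problems.append("frame-ancestors missing (framing of the CMS is not restricted)")
    return problems


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG.splitlines()):
        print(f"{f.user} {f.action} {f.obj}: " + "; ".join(f.reasons))
    print(check_csp("default-src 'self'; script-src 'self' 'unsafe-inline'"))
```

On the constructed sample the script reports bob's two DataSet changes (the second one also for the non-allowlisted host 203.0.113.7) and nothing for the administrator, which is the signal step 4 asks you to look for. The CSP check is deliberately conservative: a script-src that carries 'unsafe-inline' or a bare wildcard offers no defense in depth against stored XSS, so it is reported even if the rest of the policy is sound.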

How is it classified?

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act
Art. 15 - Accuracy, robustness and cybersecurity
ISO 42001
A.6.2 - Roles, responsibilities and authorities
NIST AI RMF
MS-2.5 - Manage — Vulnerability Remediation
OWASP LLM Top 10
LLM06 - Sensitive Information Disclosure

Frequently Asked Questions

What is CVE-2026-42558?

Xibo CMS prior to 4.4.2 contains a vulnerability chain combining stored XSS with an iframe sandbox escape through the Data Connector feature, allowing any user with DataSet permissions to execute arbitrary JavaScript in the authenticated sessions of other users, including administrators. The CVSS scope change (S:C) is the critical multiplier: a low-privileged content editor can break out of their authorization boundary and compromise administrator sessions, gaining full CMS control over all connected digital signage displays. The absence of a public exploit or KEV listing lowers the immediate urgency, but the low attack complexity and the persistent nature of stored XSS make this readily weaponizable by any insider with DataSet access. Organizations running Xibo, especially those feeding AI-generated or ML-processed data into DataSets, should upgrade to 4.4.2 immediately or, as an interim control, revoke the 'Add DataSet' and Data Connector privileges from untrusted accounts.

Is CVE-2026-42558 actively exploited?

No confirmed active exploitation of CVE-2026-42558 has been reported, but organizations should still patch proactively.

How to fix CVE-2026-42558?

  1. Upgrade Xibo CMS to version 4.4.2 immediately; this is the only complete remediation per the vendor advisory.

  2. If patching is delayed, revoke 'Add DataSet' and Data Connector privileges from all non-administrator accounts without delay.

  3. Audit all existing DataSet configurations for unexpected Data Connector entries or unfamiliar payload structures introduced by non-admin users.

  4. Review application access logs for anomalous DataSet creation or modification events, particularly from low-privilege accounts.

  5. Implement a strict Content Security Policy on the Xibo CMS origin with explicit script-src directives as a defense-in-depth measure.

  6. If Xibo instances are accessible from the internet, consider placing them behind a WAF with XSS detection rules as a temporary control.

What systems are affected by CVE-2026-42558?

This vulnerability affects the following AI/ML architecture patterns: data visualization dashboards, digital signage content pipelines, ML-driven content display systems, operational technology display environments, SOC situational awareness displays.

What is the CVSS score for CVE-2026-42558?

CVE-2026-42558 has a CVSS v3.1 base score of 7.6 (HIGH).

What is the AI security impact?

Affected AI Architectures

data visualization dashboards
digital signage content pipelines
ML-driven content display systems
operational technology display environments
SOC situational awareness displays

MITRE ATLAS Techniques

AML.T0011 User Execution
AML.T0048.001 Reputational Harm
AML.T0049 Exploit Public-Facing Application
AML.T0078 Drive-by Compromise
AML.T0106 Exploitation for Credential Access

Compliance Controls Affected

EU AI Act: Art. 15
ISO 42001: A.6.2
NIST AI RMF: MS-2.5
OWASP LLM Top 10: LLM06

What are the technical details?

Original Advisory

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.2, a vulnerability chain consisting of Stored XSS and Iframe Sandbox escape in the Xibo CMS allows users with DataSet permissions to use the Data Connector functionality to craft messages which escape the sandbox and facilitate XSS.

Exploitation of the vulnerability is possible on behalf of an authorized user who has both of the following privileges, which are not granted to non-admins as standard:

  - Include "Add DataSet" button to allow for additional DataSets to be created independently to Layouts

Users should upgrade to version 4.4.2 which fixes this issue. Upgrading to a fixed version is necessary to remediate. Users unable to upgrade should revoke such privileges from users they do not trust.

Exploitation Scenario

An attacker with standard DataSet permissions creates a Data Connector configuration embedding a crafted payload that exploits the origin validation bypass (CWE-346) to escape the iframe sandbox. When a Xibo administrator reviews or approves a layout containing the malicious DataSet, the stored payload fires inside the iframe, escapes to the parent document context via the sandbox boundary vulnerability, and silently exfiltrates the admin's session cookies or CSRF tokens to an attacker-controlled external endpoint. The attacker then impersonates the administrator to modify live digital signage content across all display endpoints — a particularly high-impact scenario in organizations using Xibo to surface AI-curated threat dashboards, operational metrics, or real-time sensor analytics in SOC, executive briefing room, or public-facing environments.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Timeline

Published
June 10, 2026
Last Modified
June 10, 2026
First Seen
June 10, 2026

Related Vulnerabilities