Cross Site Scripting Vulnerability in Teable by Teableio
CVE-2026-9566

5.3MEDIUM

Key Information:

Vendor

Teableio

Status
Teable
Vendor
CVE Published:
26 May 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-9566?

A security flaw was discovered in Teable by Teableio, specifically in the Sign-up component found in the LoginPage.tsx file. This vulnerability allows an attacker to manipulate the redirect parameter, resulting in a Cross Site Scripting (XSS) exploit that can be executed remotely. The attack leverages the lack of validation for redirection paths, enabling potential exploitation. The vendor has released an update that addresses this issue by implementing validation checks through the isValidRedirectPath() function to prevent invalid redirects. Users are strongly encouraged to upgrade to the latest version to safeguard their systems against this vulnerability.

Affected Version(s)

teable 1.0

teable 1.1

teable 1.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-9566 - Proof of Concept

References

https://vuldb.com/vuln/365628
vdb-entrytechnical-description
https://vuldb.com/vuln/365628/cti
signaturepermissions-required
https://vuldb.com/submit/815798
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

trebledj (VulDB User)
VulDB CNA Team
.