Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-45088
Deferred
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-27 May, 2026 | 18:16
Updated At-27 May, 2026 | 19:49

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tagged and deserialized directly from the attacker's request body, then propagated unchanged through dalfox.Initialize into the scan engine. The engine passes the value to voltFile.ReadLinesOrLiteral, which reads lines from any file path accessible to the dalfox process and embeds each line as an XSS payload in outbound HTTP requests directed at the attacker-controlled target URL. Because the server has no API key by default, an unauthenticated network attacker can exfiltrate the contents of arbitrary files on the dalfox host by reading them line-by-line through scan traffic. This vulnerability is fixed in 2.13.0.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-73Secondarysecurity-advisories@github.com
CWE-306Secondarysecurity-advisories@github.com
CWE-552Secondarysecurity-advisories@github.com
CWE ID: CWE-73
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-306
Type: Secondary
Source: security-advisories@github.com
CWE ID: CWE-552
Type: Secondary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/hahwul/dalfox/releases/tag/v2.13.0security-advisories@github.com
N/A
https://github.com/hahwul/dalfox/security/advisories/GHSA-35wr-x7v6-9fv2security-advisories@github.com
N/A
https://github.com/hahwul/dalfox/security/advisories/GHSA-35wr-x7v6-9fv2134c704f-9b21-4f2e-91b3-4a467353bcc0
N/A
Hyperlink: https://github.com/hahwul/dalfox/releases/tag/v2.13.0
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/hahwul/dalfox/security/advisories/GHSA-35wr-x7v6-9fv2
Source: security-advisories@github.com
Resource: N/A
Hyperlink: https://github.com/hahwul/dalfox/security/advisories/GHSA-35wr-x7v6-9fv2
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource: N/A
Change History
0Changes found
Details not found