What happened
A weakness in kortix-ai/suna up to version 0.8.38 allows Cross-Site Scripting (XSS) via manipulation of the returnURL argument in the router.replace/router.push function of apps/frontend/src/app/auth/page.tsx (Auth Endpoint). CVSS 4.3 Medium; published 2026-06-21.
Why it matters
Suna is an open-source agentic AI platform. A reflected XSS in the auth endpoint can be used to hijack authenticated user sessions, redirect users to attacker-controlled pages after login, or inject malicious scripts into the agent management interface — enabling session theft that could be leveraged to take over AI agent configurations or exfiltrate data processed by agents.
Attack vector
Attacker crafts a malicious URL containing a weaponised returnURL parameter and entices an authenticated user to visit it, causing script execution in the victim's browser within the Suna auth context.
Affected systems
kortix-ai/suna ≤ 0.8.38
Mitigation
Upgrade suna to a version beyond 0.8.38. NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-12811
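The code-level shape of this bug class and its fix, as an added example that is not suna's own code: a returnURL read from the query string and passed straight to router.replace/router.push is followed as-is, so a value that carries its own scheme or origin leaves the app's control. The validator below assumes a Next.js-style frontend; the default destination, the parsing base origin and the illustrative vulnerable line are constructed for the example, not quoted from the advisory.

```typescript
// Added example (not suna's code): allow-list validation for a returnURL
// query parameter before it reaches router.replace/router.push.
//
// Vulnerable shape (illustrative, not quoted from suna):
//   router.replace(searchParams.get("returnURL") ?? "/");
// Hardened shape:
//   router.replace(safeReturnUrl(searchParams.get("returnURL")));

const DEFAULT_AFTER_LOGIN = "/dashboard"; // assumed default, not from the advisory
const PARSE_BASE = "https://app.example.invalid"; // constructed origin, used only for parsing

// Accepts only a same-origin, single-leading-slash path; everything else
// (javascript:/data: schemes, absolute URLs, protocol-relative "//host",
// backslash variants, control characters) falls back to a fixed destination.
function safeReturnUrl(raw: string | null | undefined): string {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return DEFAULT_AFTER_LOGIN;
  }
  // Control characters are ignored by browser URL parsers when sniffing a
  // scheme ("java\tscript:"), so reject them outright rather than strip them.
  if (/[\u0000-\u001f\u007f]/.test(raw)) {
    return DEFAULT_AFTER_LOGIN;
  }
  // Shape check on the raw value: must start with exactly one "/" and not
  // "//" or "/\", both of which browsers treat as protocol-relative.
  const singleSlashPath = /^\/(?![\/\\])/;
  if (!singleSlashPath.test(raw)) {
    return DEFAULT_AFTER_LOGIN;
  }
  // Parse against a fixed base so dot-segments and backslashes are normalised
  // the way a browser would normalise them.
  let parsed: URL;
  try {
    parsed = new URL(raw, PARSE_BASE);
  } catch {
    return DEFAULT_AFTER_LOGIN;
  }
  if (parsed.origin !== PARSE_BASE) {
    return DEFAULT_AFTER_LOGIN;
  }
  // Re-check the normalised result: "/..//host" parses to pathname "//host",
  // which would again be protocol-relative once handed to the router.
  const out = parsed.pathname + parsed.search + parsed.hash;
  return singleSlashPath.test(out) ? out : DEFAULT_AFTER_LOGIN;
}
```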