A critical vulnerability has been identified in the AIRI AI companion software, which could allow an unauthenticated attacker to inject and execute malicious code. Successful exploitation of this flaw could lead to complete system compromise, data theft, and unauthorized actions performed on behalf of legitimate users. Due to the high severity score, immediate patching is required to prevent potential compromise of sensitive information and application infrastructure.

The vulnerability exists within the MarkdownRenderer.vue component, which is responsible for processing and displaying Markdown content. The component fails to properly sanitize user-supplied input before rendering it in a user's browser. An attacker can craft malicious Markdown text containing a Cross-Site Scripting (XSS) payload (e.g., JavaScript code). When a victim views this malicious content, the script executes in their browser, allowing the attacker to steal session cookies, impersonate the user, exfiltrate data, or redirect them to malicious websites.

This vulnerability is rated as critical severity with a CVSS score of 9.6, posing a significant risk to the organization. Exploitation could result in the compromise of user accounts and the exfiltration of sensitive data processed by the AI companion. An attacker could gain full control over a user's session, leading to unauthorized access to proprietary information, reputational damage, and a loss of customer trust. Given that AIRI is a self-hosted solution, a successful attack could also serve as a pivot point for further intrusions into the internal network.

Immediate Action: Immediately apply the security patch provided by the vendor by updating all instances of AIRI to the latest version. Prioritize patching for internet-facing systems. After patching, review access and application logs for any signs of compromise or unusual activity preceding the update.

Proactive Monitoring: Implement enhanced monitoring of application logs, specifically looking for suspicious user-submitted content containing HTML tags like <script>, <iframe>, or JavaScript event handlers (e.g., onerror, onload). Monitor for unusual outbound network traffic from the application server that could indicate data exfiltration. Utilize security information and event management (SIEM) systems to create alerts for patterns consistent with XSS attacks.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with rulesets designed to detect and block common XSS attack vectors. Additionally, review and enforce a strict Content Security Policy (CSP) on the web server to restrict the execution of inline scripts and limit the domains from which resources can be loaded, thereby mitigating the impact of a potential XSS injection.

Public Exploit Available: false

Given the critical CVSS score of 9.6, this vulnerability requires immediate attention. We strongly recommend that all affected AIRI products be patched without delay to prevent potential exploitation. Although this CVE is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its high severity makes it a prime target for opportunistic attackers. Organizations should treat this as an urgent threat and prioritize remediation efforts across all environments.