A vulnerability categorized as problematic has been discovered in kortix-ai suna up to 0.8.38 . Affected by this issue is the function router.replace/router.push of the file apps/frontend/src/app/auth/page.tsx of the component Auth Endpoint . Executing a manipulation of the argument returnURL can lead to cross site scripting. The identification of this vulnerability is CVE-2026-12811 . The attack may be launched remotely. Furthermore, there is an exploit available. It is advisable to upgrade the