CVE-2026-33311 | DiceBear up to 5.4.3/6.1.3/7.1.3/8.0.2/9.4.0 createAvatar cross site scripting

A vulnerability classified as problematic has been found in DiceBear up to 5.4.3/6.1.3/7.1.3/8.0.2/9.4.0. Affected by this issue is the function createAvatar. This manipulation causes cross site scripting.

This vulnerability is handled as CVE-2026-33311. The attack can be initiated remotely. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More