CVE-2024-52928
CVE-2024-52928
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.6EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
26 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Arc before 1.26.1 on Windows has a bypass issue in the site settings that allows websites (with previously granted permissions) to add new permissions when the user clicks anywhere on the website.
CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:N/S:C/UI:R
Affected products
n/a · n/a