CVE-2025-66286

WebKitGTK: authorization bypass through WebPage::send-request signal handler

CVSS 4.7 MEDIUM | EPSS 0.2% | CWE-639
Vexday Risk Score
13 (Low)
SSVC Decision (CISA)
Track
No sign of exploitation → monitor
CVSS 4.7 | EPSS 0.2% | KEV no | PoC | Nuclei | Metasploit | Patch
Lifecycle
23 Apr 2026: Published in NVD
Recommendation: Monitor (no sign of exploitation at this time).
An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
