CVE-2025-66286
Webkitgtk: authorization bypass through webpage::send-request signal handler
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 4.7EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
23 abr 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the
WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Produtos afetados
Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 9Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →