CVE-2026-35467
Private Key stored as extractable in browser IndexeDB
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Productos afectados
CERT/CC · cveClient/encrypt-storage.js¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →