7.5
CVE-2026-35467
- EPSS 0.23%
- Veröffentlicht 02.04.2026 20:27:27
- Zuletzt bearbeitet 03.06.2026 14:03:57
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
Private Key stored as extractable in browser IndexeDB
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.138 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
https://github.com/CERTCC/cveClient/pull/39
https://github.com/CERTCC/cveClient/