Avira Password Manager credential disclosure via cross-origin autofill in Firefox
CVE-2026-12068

7.4HIGH

Key Information:

Vendor: Gen Digital
Status: Avira Password Manager
Vendor: CVE Published:; 12 June 2026

🔔 Create Gen Digital Vulnerability Alert

What is CVE-2026-12068?

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection.

This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.

Affected Version(s)

Avira Password Manager Firefox *

References

https://www.gendigital.com/us/en/contact-us/security-advi...

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 12, 2026
Vulnerability Reserved
Jun 12, 2026

Credit

Riccardo, an independent security researcher at TU Wien

CVE-2026-12068 Data

JSON