RSS Feed URL Validation Flaw in Zen Browser by Zen Technologies
CVE-2026-44658

2.4LOW

Key Information:

Vendor: Zen-browser
Status: Desktop
Vendor: CVE Published:; 11 May 2026

🔔 Create Zen-browser Vulnerability Alert

What is CVE-2026-44658?

An improper validation vulnerability exists in the Zen browser, which is Firefox-based. In versions prior to 1.19.12b, user-entered RSS feed URLs are restricted to http: or https: during the validation process. However, item links within the RSS feeds do not undergo the same strict checks. This oversight allows potentially malicious links to bypass security measures, leading to a risk of unsafe content being loaded. The vulnerability was addressed in version 1.19.12b, which enhanced URL validation mechanisms for item links within feeds.

Affected Version(s)

desktop < 1.19.12b

References

https://github.com/zen-browser/desktop/security/advisorie...

x_refsource_CONFIRM

CVSS V3.1

Score:

2.4

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2026
Vulnerability Reserved
May 7, 2026

CVE-2026-44658 Data

JSON