Same-Origin Policy Bypass in Lightpanda Browser
CVE-2026-52842
9.3CRITICAL
What is CVE-2026-52842?
A vulnerability in the Lightpanda Browser prior to version 0.3.1 allowed attackers to exploit the way the browser computes page origins. By improperly interpreting URLs, the browser treated potentially malicious URL segments as trusted origins, leading to a Complete Same-Origin Policy bypass. This flaw permitted an attacker at attacker.com to interact with resources intended for victim.com, posing significant security risks to users leveraging the browser for AI and automation tasks. The issue has been resolved in version 0.3.1, reinforcing the browser's safety for users.
Affected Version(s)
browser < 0.3.1
