Security Flaw in Zen Browser Affects Context-Menu Actions
CVE-2026-57501

NONE

Key Information:

Status
Vendor
CVE Published:
9 July 2026

What is CVE-2026-57501?

A vulnerability in Zen Browser allows context-menu actions to load page-controlled links with System privileges instead of the appropriate principal. This flaw permits a malicious webpage to execute file URLs, bypassing security checks intended to prevent unauthorized file access when using the 'Open link in glance' and 'Split link in new tab' functionalities. The issue is rectified in version 1.21.5b.

Affected Version(s)

desktop < 1.21.5b

References

CVSS V3.1

Score:
Severity:
NONE
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.