Stored Configuration Vulnerability in PlaywrightCapture by Lookyloo
CVE-2026-63175

7.1HIGH

Key Information:

Vendor

Lookyloo

Vendor
CVE Published:
15 July 2026

What is CVE-2026-63175?

PlaywrightCapture contains a vulnerability where capture-specific configuration and runtime data is stored as mutable class-level variables instead of instance-level variables. This design flaw allows for shared state among multiple Capture objects within a single Python process. As a result, sensitive information such as HTTP headers, cookies, and authentication credentials may persist and be reused across different capture operations. In environments with multiple users or concurrent executions, this could lead to unauthorized access to user data or interference with ongoing captures. The issue is addressed by restructuring the code to use instance variables, thereby isolating the state for each capture and preventing data leakage.

Affected Version(s)

PlaywrightCapture 0

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Raphael Vinot
Aurelien Thirion
.