Stored Configuration Vulnerability in PlaywrightCapture by Lookyloo
CVE-2026-63175
What is CVE-2026-63175?
PlaywrightCapture contains a vulnerability where capture-specific configuration and runtime data is stored as mutable class-level variables instead of instance-level variables. This design flaw allows for shared state among multiple Capture objects within a single Python process. As a result, sensitive information such as HTTP headers, cookies, and authentication credentials may persist and be reused across different capture operations. In environments with multiple users or concurrent executions, this could lead to unauthorized access to user data or interference with ongoing captures. The issue is addressed by restructuring the code to use instance variables, thereby isolating the state for each capture and preventing data leakage.
Affected Version(s)
PlaywrightCapture 0
