Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Network-reachable, low-complexity, no privileges but requires the session to load attacker content (UI:R); abusing one origin against a different victim origin is a scope change with high confidentiality and integrity impact, no availability effect.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Lifecycle Timeline
4DescriptionCVE.org
Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch() and XMLHttpRequest unconditionally attached session cookies to every HTTP request, ignoring credentials: omit, credentials: same-origin, credentials: include, and XMLHttpRequest.withCredentials, allowing an attacker-controlled origin in a Lightpanda session to issue authenticated cross-origin requests against a victim origin. This issue is fixed in version 0.2.9.
AnalysisAI
Cross-origin credential leakage in Lightpanda, a headless browser built for AI and automation workloads, occurs because fetch() and XMLHttpRequest attach session cookies to every outbound HTTP request regardless of the caller's requested credentials mode. In versions prior to 0.2.9, the credentials: omit, credentials: same-origin, credentials: include, and XMLHttpRequest.withCredentials controls are all ignored, so attacker-controlled content running inside a Lightpanda session can silently issue authenticated cross-origin requests against any victim origin whose cookies are present in the session's shared cookie jar. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a Lightpanda session (version prior to 0.2.9) whose shared cookie jar already contains valid session cookies for a target/victim origin, and requires attacker-controlled web content to execute inside that same session and issue a fetch() or XMLHttpRequest to the victim origin - this is the UI:R interaction. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The published CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N, 9.3) is internally consistent with the described flaw: network-reachable, low-complexity, no privileges, but requiring interaction (the session must load attacker-controlled content), with a scope change because the attacker abuses one origin's context to act against a different victim origin, yielding high confidentiality and integrity impact and no availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An operator runs a Lightpanda automation session that is logged into an internal application (holding its session cookies), then directs or allows the session to load an attacker-controlled page. That page issues a fetch() or XMLHttpRequest to the internal application's origin with credentials: omit set; Lightpanda ignores the directive, attaches the victim's session cookies, and the attacker's script reads the authenticated response. … |
| Remediation | Vendor-released patch: 0.2.9 - upgrade Lightpanda to 0.2.9 or later, which enforces credentials mode and same-origin checks before attaching session cookies (see release https://github.com/lightpanda-io/browser/releases/tag/0.2.9 and advisory https://github.com/lightpanda-io/browser/security/advisories/GHSA-36mm-v3c2-24cc). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Audit your Lightpanda deployments to identify instances handling untrusted content or running with persistent authentication credentials; document which systems and credentials are at risk. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function han
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android
Same-Origin Policy bypass in Lightpanda headless browser before 0.3.1 allows an attacker-controlled site to impersonate
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allo
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote
Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in T
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. Rated medium severity
Same weakness CWE-346 – Origin Validation Error
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44714