Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Reachable via victim's browser (AV:N) but needs an active session and slot race (AC:H) plus victim visiting a malicious page (UI:R); no auth token (PR:N); command injection/exfiltration gives C:H/I:H and the unconditional kill gives A:H.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, which performs no Origin header validation and requires no authentication token. Attackers can connect from any web page visited by the victim to seize the single-client slot, intercept and inject automation commands, exfiltrate command-payload data, or unconditionally terminate the server by supplying the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter.
AnalysisAI
Cross-origin WebSocket session hijacking in Midscene Bridge Server through version 1.10.3 lets any web page a victim visits connect to the locally running Socket.IO server without an Origin check or authentication token, seizing the tool's single-client slot. Once connected, a remote attacker can intercept and inject browser-automation commands, exfiltrate command-payload data, or unconditionally kill the server via the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the Midscene Bridge Server be running with an active bridge session, and that the victim visit an attacker-controlled web page in a browser that can reach the local Socket.IO port (UI:P - victim interaction is required). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 score is 7.6 (High) with vector AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N, indicating network reachability with no privileges but with meaningful mitigating factors: high attack complexity (AC:H) and required user interaction (UI:P - the victim must visit an attacker-controlled page while a bridge session is active). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A developer runs a Midscene automation task with the Bridge Server active on their workstation, then visits an attacker-controlled or compromised web page in the same browser. Malicious JavaScript on that page opens a cross-origin WebSocket to the local Socket.IO server, hijacks the single-client slot, and injects automation commands or exfiltrates command payloads - or appends MIDSCENE_BRIDGE_SIGNAL_KILL to terminate the server. … |
| Remediation | Upgrade to a Midscene release containing the fix in commit 86f4118 (https://github.com/web-infra-dev/midscene/commit/86f4118d1d847041c63d79e347e08c87c3f1a882), which adds Origin validation and authentication to the Bridge Server; an upstream fix is available via PR 2759 (https://github.com/web-infra-dev/midscene/pull/2759) but a specific tagged patched release version was not provided in the input, so confirm the exact release with the vendor advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all systems running Midscene Bridge Server version 1.10.3 or earlier. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-1385 – Missing Origin Validation in WebSockets
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42373
GHSA-8rcx-4rjr-4wpf