Skip to main content

Midscene Bridge Server CVE-2026-59804

| EUVDEUVD-2026-42373 HIGH
Missing Origin Validation in WebSockets (CWE-1385)
2026-07-08 VulnCheck GHSA-8rcx-4rjr-4wpf
7.6
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
7.6 HIGH
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Reachable via victim's browser (AV:N) but needs an active session and slot race (AC:H) plus victim visiting a malicious page (UI:R); no auth token (PR:N); command injection/exfiltration gives C:H/I:H and the unconditional kill gives A:H.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jul 08, 2026 - 20:32 vuln.today

DescriptionCVE.org

Midscene Bridge Server through 1.10.3, fixed in commit 86f4118, contains a missing authentication and CORS misconfiguration vulnerability that allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, which performs no Origin header validation and requires no authentication token. Attackers can connect from any web page visited by the victim to seize the single-client slot, intercept and inject automation commands, exfiltrate command-payload data, or unconditionally terminate the server by supplying the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter.

AnalysisAI

Cross-origin WebSocket session hijacking in Midscene Bridge Server through version 1.10.3 lets any web page a victim visits connect to the locally running Socket.IO server without an Origin check or authentication token, seizing the tool's single-client slot. Once connected, a remote attacker can intercept and inject browser-automation commands, exfiltrate command-payload data, or unconditionally kill the server via the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Lure victim to malicious web page
Delivery
Open cross-origin WebSocket to local bridge
Exploit
Seize single-client session slot
Execution
Inject/intercept automation commands
Impact
Exfiltrate payloads or send kill signal

Vulnerability AssessmentAI

Exploitation Exploitation requires that the Midscene Bridge Server be running with an active bridge session, and that the victim visit an attacker-controlled web page in a browser that can reach the local Socket.IO port (UI:P - victim interaction is required). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 score is 7.6 (High) with vector AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N, indicating network reachability with no privileges but with meaningful mitigating factors: high attack complexity (AC:H) and required user interaction (UI:P - the victim must visit an attacker-controlled page while a bridge session is active). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A developer runs a Midscene automation task with the Bridge Server active on their workstation, then visits an attacker-controlled or compromised web page in the same browser. Malicious JavaScript on that page opens a cross-origin WebSocket to the local Socket.IO server, hijacks the single-client slot, and injects automation commands or exfiltrates command payloads - or appends MIDSCENE_BRIDGE_SIGNAL_KILL to terminate the server. …
Remediation Upgrade to a Midscene release containing the fix in commit 86f4118 (https://github.com/web-infra-dev/midscene/commit/86f4118d1d847041c63d79e347e08c87c3f1a882), which adds Origin validation and authentication to the Bridge Server; an upstream fix is available via PR 2759 (https://github.com/web-infra-dev/midscene/pull/2759) but a specific tagged patched release version was not provided in the input, so confirm the exact release with the vendor advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems running Midscene Bridge Server version 1.10.3 or earlier. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-59804 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy