Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Remote, unauthenticated, low-complexity single crafted URL (AV:N/AC:L/PR:N) but needs the agent to visit it (UI:R); SOP bypass crosses origins (S:C) leaking and forging cross-origin data (C:H/I:H, A:N).
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
Lifecycle Timeline
4DescriptionCVE.org
Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page origin, so a URL such as http://attacker.com/@victim.com/ was fetched from attacker.com but treated as http://victim.com, allowing a complete Same-Origin Policy bypass. This issue is fixed in version 0.3.1.
AnalysisAI
Same-Origin Policy bypass in Lightpanda headless browser before 0.3.1 allows an attacker-controlled site to impersonate an arbitrary victim origin. Because origin computation searched for the '@' userinfo delimiter across the entire URL string rather than only the authority component, a URL like http://attacker.com/@victim.com/ was fetched from attacker.com yet treated as origin http://victim.com, breaking the fundamental web isolation boundary. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the Lightpanda browser (version < 0.3.1) to fetch an attacker-crafted URL whose path contains an '@' followed by the target hostname, e.g. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are largely consistent toward high real-world severity for affected deployments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker hosts a page at http://attacker.com/@victim.com/ and lures a Lightpanda-driven automation agent or scraper into fetching it (UI:R). Lightpanda serves the attacker's content but stamps it with the origin http://victim.com, so the attacker's script can read cookies, storage, or authenticated responses scoped to victim.com and exfiltrate them, effectively bypassing the Same-Origin Policy. … |
| Remediation | Vendor-released patch: 0.3.1 - upgrade Lightpanda to version 0.3.1 or later, which replaces whole-string '@' searching with the bounded parseAuthority() logic (see release https://github.com/lightpanda-io/browser/releases/tag/0.3.1, PR https://github.com/lightpanda-io/browser/pull/1998, and advisory https://github.com/lightpanda-io/browser/security/advisories/GHSA-mq6p-m9cc-q432). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: audit all systems running Lightpanda to identify affected versions (any before 0.3.1) and map all business-critical automation pipelines using the tool. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function han
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android
Cross-origin credential leakage in Lightpanda, a headless browser built for AI and automation workloads, occurs because
Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allo
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote
Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in T
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. Rated medium severity
Same weakness CWE-346 – Origin Validation Error
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44720