Skip to main content

Cordova Inappbrowser

1 CVEs product

Monthly

CVE-2026-47430 npm CRITICAL PATCH GHSA Act Now

Improper input validation in Apache Cordova Plugin InAppBrowser on iOS allows remote attackers to dispatch arbitrary Cordova callback IDs without validation, potentially leading to remote code execution within the hybrid app context. The issue was disclosed June 7, 2026 via the oss-security mailing list by an Apache contributor and is tagged RCE; no public exploit has been identified at time of analysis and it is not present in CISA KEV. The CVSS 4.0 base score of 9.5 reflects high impact across confidentiality, integrity, and availability of both the vulnerable component and downstream subsequent systems.

RCE Cordova Inappbrowser
NVD VulDB
CVSS 4.0
9.5
EPSS
0.1%
EPSS 0% CVSS 9.5
CRITICAL PATCH Act Now

Improper input validation in Apache Cordova Plugin InAppBrowser on iOS allows remote attackers to dispatch arbitrary Cordova callback IDs without validation, potentially leading to remote code execution within the hybrid app context. The issue was disclosed June 7, 2026 via the oss-security mailing list by an Apache contributor and is tagged RCE; no public exploit has been identified at time of analysis and it is not present in CISA KEV. The CVSS 4.0 base score of 9.5 reflects high impact across confidentiality, integrity, and availability of both the vulnerable component and downstream subsequent systems.

RCE Cordova Inappbrowser
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy