Skip to main content

Cveclient Encrypt Storage Js

1 CVEs product

Monthly

CVE-2026-35467 HIGH PATCH This Week

Stored API keys in CERT/CC's cveClient encrypt-storage.js are not marked as protected in browser temporary storage, enabling extraction of encryption credentials through JavaScript console access or error messages. Attackers with local access to a user's browser environment can retrieve sensitive API keys without authentication, affecting all versions before 1.1.15.

Information Disclosure Cveclient Encrypt Storage Js
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Stored API keys in CERT/CC's cveClient encrypt-storage.js are not marked as protected in browser temporary storage, enabling extraction of encryption credentials through JavaScript console access or error messages. Attackers with local access to a user's browser environment can retrieve sensitive API keys without authentication, affecting all versions before 1.1.15.

Information Disclosure Cveclient Encrypt Storage Js
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy