Skip to main content

Midscene

1 CVEs product

Monthly

CVE-2026-59804 HIGH POC PATCH This Week

Cross-origin WebSocket session hijacking in Midscene Bridge Server through version 1.10.3 lets any web page a victim visits connect to the locally running Socket.IO server without an Origin check or authentication token, seizing the tool's single-client slot. Once connected, a remote attacker can intercept and inject browser-automation commands, exfiltrate command-payload data, or unconditionally kill the server via the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter. Publicly available exploit code exists (reported by VulnCheck) and a vendor patch is available (commit 86f4118); no active exploitation has been confirmed.

Authentication Bypass Midscene
NVD GitHub VulDB
CVSS 4.0
7.6
EPSS
0.2%
EPSS 0% CVSS 7.6
HIGH POC PATCH This Week

Cross-origin WebSocket session hijacking in Midscene Bridge Server through version 1.10.3 lets any web page a victim visits connect to the locally running Socket.IO server without an Origin check or authentication token, seizing the tool's single-client slot. Once connected, a remote attacker can intercept and inject browser-automation commands, exfiltrate command-payload data, or unconditionally kill the server via the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter. Publicly available exploit code exists (reported by VulnCheck) and a vendor patch is available (commit 86f4118); no active exploitation has been confirmed.

Authentication Bypass Midscene
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy