CVE-2026-35467

high

Description

The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.

References

https://github.com/CERTCC/cveClient/pull/39

https://github.com/CERTCC/cveClient/

Details

Source: Mitre, NVD

Published: 2026-04-02

Updated: 2026-06-03

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N