CVE-2026-2378

Published: Mar 20, 2026 Last Modified: Mar 20, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,4

Source: 59469e6c-7ea7-446f-8e43-06aa32c115e8

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: none

Integrity: high

Availability: none

Description

AI Translation Available

ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.

1021

Improper Restriction of Rendered UI Layers or Frames

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control

Potential Impacts:

Gain Privileges Or Assume Identity Bypass Protection Mechanism Read Application Data Modify Application Data

Applicable Platforms

Technologies: Not Technology-Specific, Web Based

View CWE Details

https://arc.net/security/bulletins

CVE-2026-2378

Description

Improper Restriction of Rendered UI Layers or Frames

Common Consequences

Applicable Platforms

Iscriviti alla newsletter