CVE-2026-34226
HIGH
7.5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Versions prior to 20.8.9 may attach cookies from the current page origin (`window.location`) instead of the request target URL when `fetch(..., { credentials: 'include' })` is used. This can leak cookies from origin A to destination B. Version 20.8.9 fixes the issue.
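The difference between the two lookups described above can be seen in a small model. This is an added illustration, not Happy DOM's code: the `CookieJar` class, the `cookieHeaderBuggy`/`cookieHeaderFixed`/`leaks` functions and the `app.example`/`other.example` hosts are constructed, and cookies are simplified to host-only entries.

```javascript
// Constructed model of a browser-like cookie store; not Happy DOM's implementation.
class CookieJar {
  constructor() { this.cookies = []; }

  // Store a host-only cookie (simplified: no Domain, Path or Secure attributes).
  set(originUrl, name, value) {
    this.cookies.push({ host: new URL(originUrl).hostname, name, value });
  }

  // Build the Cookie header for the host of `url`.
  headerFor(url) {
    const host = new URL(url).hostname;
    return this.cookies
      .filter((c) => c.host === host)
      .map((c) => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Behaviour described in the advisory: with credentials 'include', cookies are
// looked up by the page location, so they follow the request to any destination.
function cookieHeaderBuggy(jar, pageUrl, requestUrl, credentials) {
  return credentials === 'include' ? jar.headerFor(pageUrl) : '';
}

// Corrected lookup: resolve the request against the page, then key on the target URL.
function cookieHeaderFixed(jar, pageUrl, requestUrl, credentials) {
  const target = new URL(requestUrl, pageUrl);
  const sameOrigin = target.origin === new URL(pageUrl).origin;
  if (credentials === 'omit') return '';
  if (credentials === 'same-origin' && !sameOrigin) return '';
  return jar.headerFor(target.href);
}

// Regression check: a credentialed request from origin A to destination B must
// not carry A's cookies. Returns true when the selector under test leaks them.
function leaks(selectFn) {
  const jar = new CookieJar();
  jar.set('https://app.example/', 'session', 'A-secret'); // origin A (constructed)
  jar.set('https://other.example/', 'pref', 'dark');      // destination B (constructed)
  const header = selectFn(jar, 'https://app.example/home',
    'https://other.example/api', 'include');
  return header.includes('session=');
}
```

A check of the same shape, run against a real test environment with a local capture server as destination B, shows whether an installed version is affected.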
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and vulnerability characteristics.
EPSS Score
0.0003
Percentile
0.1th
CWE-201: Insertion of Sensitive Information Into Sent Data
Status: Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Files Or Directories
Read Memory
Read Application Data
Applicable Platforms
All platforms may be affected
CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
Status: Incomplete
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies:
Mobile
https://github.com/capricorn86/happy-dom/blob/f8d8cad41e9722fab9eefb9dfb3cca696…
https://github.com/capricorn86/happy-dom/commit/68324c21d7b98f53f7bb5a7b3e185bd…
https://github.com/capricorn86/happy-dom/pull/2117
https://github.com/capricorn86/happy-dom/releases/tag/v20.8.9
https://github.com/capricorn86/happy-dom/security/advisories/GHSA-w4gp-fjgq-3q4g