CVE-2026-12068 | THREATINT

Description

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.

PUBLISHED Reserved 2026-06-12 | Published 2026-06-12 | Updated 2026-06-12 | Assigner GEN

HIGH: 7.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Problem types

CWE-669 Incorrect Resource Transfer Between Contexts

Product status

Default status

affected

Credits

Riccardo, an independent security researcher at TU Wien reporter

References

www.gendigital.com/us/en/contact-us/security-advisories/

cve.org (CVE-2026-12068)

nvd.nist.gov (CVE-2026-12068)

Download JSON