
Description

API keys stored in the temporary browser client are not marked as protected, so the JavaScript console or other errors can allow extraction of the encryption credentials.

PUBLISHED Reserved 2026-04-02 | Published 2026-04-02 | Updated 2026-04-03 | Assigner certcc

Problem types

CWE-522 Insufficiently Protected Credentials

Product status

Default status: unaffected

Any version before 1.1.15: affected

Credits

Jerry Gamblin (https://github.com/jgamblin) finder

References

github.com/CERTCC/cveClient/pull/39 (GitHub PR to fix the issue)

github.com/CERTCC/cveClient/ (GitHub repository of the project)

cve.org (CVE-2026-35467)

nvd.nist.gov (CVE-2026-35467)
