CVE Vulnerabilities

CVE-2026-12823

Incorrect Privilege Assignment

Published: Jun 22, 2026 | Modified: Jul 03, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The first version of the CVE listed Browserbase itself as affected product. This was incorrect as this issue does affect browserbase/skills instead. The vendor was contacted early about this disclosure.

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Potential Mitigations

References