CVE-2026-12823
A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace
CVSS
3.3
Bajo
EPSS
0.1%
p2
KEV
—
Exploit Today
1
0-100
Publicado: 22 jun 2026 · Última mod.: 3 jul 2026 · CWE-266 · CWE-276
A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The first version of the CVE listed Browserbase itself as affected product. This was incorrect as this issue does affect browserbase/skills instead. The vendor was contacted early about this disclosure.
- github.comhttps://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-12823%20-%20Browserbase%20Skills%20Autobrowse%20Trace%20Artifact%20Insecure%20File%20Permissions/Advisory.md
- github.comhttps://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-12823%20-%20Browserbase%20Skills%20Autobrowse%20Trace%20Artifact%20Insecure%20File%20Permissions/poc.sh
- vuldb.comhttps://vuldb.com/cve/CVE-2026-12823
- vuldb.comhttps://vuldb.com/submit/837600
- vuldb.comhttps://vuldb.com/vuln/372613
- vuldb.comhttps://vuldb.com/vuln/372613/cti