CVE-2026-35467EPSS p13.8%

CVE-2026-35467CVE-2026-35467

cmu / cveclient

Description

The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.

Scoring

CVSS 7.5 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS0.23% probability of exploitation · percentile 13.8% · 2026-06-19T12:03:05Z
Last modified2026-06-03

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-35466
CVE
CVE-2026-22906
CVE
CVE-2025-55047
CVE
CVE-2025-25268
CVE
CVE-2026-22918
CVE
CVE-2026-23899
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.