CVE-2026-6662 | ericc-ch copilot-api up to 0.7.0 Token Endpoint src/server.ts cors cross-domain policy

April 20, 2026 Yanac

A vulnerability marked as critical has been reported in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains.

This vulnerability is cataloged as CVE-2026-6662. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.VulDB Recent EntriesRead More