CVE-2026-52843 | lightpanda-io Lightpanda up to 0.2.8 HTTP Request fetch/XMLHttpRequest credentials cross-domain policy

SecurityVulns

A vulnerability classified as problematic has been found in lightpanda-io Lightpanda up to 0.2.8. Impacted is the function fetch/XMLHttpRequest of the component HTTP Request Handler. Performing a manipulation of the argument credentials results in permissive cross-domain policy with untrusted domains.

This vulnerability is cataloged as CVE-2026-52843. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More