PT-2025-27003 · Arc · Arc
Published
2025-06-26
·
Updated
2025-06-26
·
CVE-2024-52928
CVSS v3.1
9.6
Critical
| Vector | AC:L/AV:N/A:L/C:H/I:H/PR:N/S:C/UI:R |
Name of the Vulnerable Software and Affected Versions:
Arc versions prior to 1.26.1
Description:
The issue allows websites with previously granted permissions to add new permissions when the user clicks anywhere on the website, due to a bypass problem in the site settings.
Recommendations:
For versions prior to 1.26.1, update to version 1.26.1 or later to resolve the issue.
Fix
LPE
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arc