CVE-2026-6662

CVSS v2.0

7.5

High

AV:N/AC:L/Au:N/C:P/I:P/A:P

A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Exploit

Fix

Origin Validation Error

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-346CWE-942

Related Identifiers

CVE-2026-6662

Affected Products

Copilot-Api

CVE-2026-6662

Weakness Enumeration

Related Identifiers

Affected Products

References · 5