PT-2026-34659 · Red Hat · Red Hat Enterprise Linux 6+3
Published
2026-04-23
·
Updated
2026-04-23
·
CVE-2025-66286
CVSS v3.1
4.7
Medium
| AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N |
An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the
WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler.
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9