PT-2026-39675 · Unknown · Zen Browser
Barathstalin6
·
Published
2026-05-11
·
Updated
2026-05-11
·
CVE-2026-44659
CVSS v3.1
4.7
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Zen Browser versions prior to 1.19.12b
Description
The browser incorrectly truncates long hostnames in the address bar, displaying only the attacker-controlled prefix of the subdomain and hiding the actual registrable domain (eTLD+1). This allows an attacker to create long malicious subdomains that visually mimic trusted brands, misleading users about the site's origin and compromising the URL bar as a security indicator, which facilitates phishing and supply-chain attacks.
Recommendations
Update to version 1.19.12b.
Exploit
Fix
UI Misrepresentation of Critical Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zen Browser