PT-2026-39675 · Unknown · Zen Browser

Barathstalin6

·

Published

2026-05-11

·

Updated

2026-05-11

·

CVE-2026-44659

CVSS v3.1

4.7

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Zen Browser versions prior to 1.19.12b
Description The browser incorrectly truncates long hostnames in the address bar, displaying only the attacker-controlled prefix of the subdomain and hiding the actual registrable domain (eTLD+1). This allows an attacker to create long malicious subdomains that visually mimic trusted brands, misleading users about the site's origin and compromising the URL bar as a security indicator, which facilitates phishing and supply-chain attacks.
Recommendations Update to version 1.19.12b.

Exploit

Fix

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-44659
GHSA-7P2R-FP29-9W69

Affected Products

Zen Browser