PT-2026-41720 · Npm+1 · @Steipete/Summarize+1

Published: 2026-05-18 · Updated: 2026-05-20 · CVE-2026-45243

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Summarize versions prior to 0.15.1

Description

A missing authorization issue exists in the content script window.postMessage bridge. This allows malicious pages to simulate runtime messages using spoofed sender identifiers, enabling unauthorized operations on automation artifacts scoped to the affected tab. These operations include listing, reading, creating, overwriting, or deleting artifacts.

Recommendations

Update to version 0.15.1.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2026-45243
GHSA-5624-2PMV-JX46

Affected Products

@Steipete/Summarize
Summarize