PT-2026-57005 · Zen Browser · Rdesktop

Published

2026-07-09

·

Updated

2026-07-09

·

CVE-2026-57501

CVSS v3.1

0.0

None

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N
Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link to a file URL that can load with System privileges when opened through either context-menu item and bypass the content-to-file security check that blocks an ordinary click. This issue is fixed in version 1.21.5b.

Fix

Incorrect Privilege Assignment

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-57501

Affected Products

Rdesktop