CWE-843
AllowedAccess of Resource Using Incompatible Type ('Type Confusion')
Abstraction: Base · Status: Incomplete
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
1041 vulnerabilities reference this CWE, most recent first.
GHSA-464X-V7W8-F44C
Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-10-07 00:01A vulnerability has been identified in JT2Go (All Versions < V13.1.0), JT2Go (V 13.1.0), Teamcenter Visualization (All Versions < V13.1.0), Teamcenter Visualization (V 13.1.0). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.
{
"affected": [],
"aliases": [
"CVE-2020-26990"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-12T21:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in JT2Go (All Versions \u003c V13.1.0), JT2Go (V 13.1.0), Teamcenter Visualization (All Versions \u003c V13.1.0), Teamcenter Visualization (V 13.1.0). Affected applications lack proper validation of user-supplied data when parsing ASM files. A crafted ASM file can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process.",
"id": "GHSA-464x-v7w8-f44c",
"modified": "2022-10-07T00:01:03Z",
"published": "2022-05-24T17:38:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26990"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-663999.pdf"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-055"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-46PV-MJ2G-93GH
Vulnerability from github – Published: 2026-04-03 06:31 – Updated: 2026-04-04 06:54An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "roundcube/roundcubemail"
},
"ranges": [
{
"events": [
{
"introduced": "1.7-beta"
},
{
"fixed": "1.7-rc5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-35541"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-04T06:54:24Z",
"nvd_published_at": "2026-04-03T05:16:22Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password.",
"id": "GHSA-46pv-mj2g-93gh",
"modified": "2026-04-04T06:54:24Z",
"published": "2026-04-03T06:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35541"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/commit/2e6a99b2a38110907ea8d3be8e59ec3d5802c394"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/commit/6a275676a8043083c05c961914d830b79e2490d4"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/commit/6fa2bddc59b9c9fd31cad4a9e2954a208d793dce"
},
{
"type": "PACKAGE",
"url": "https://github.com/roundcube/roundcubemail"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.5.14"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.6.14"
},
{
"type": "WEB",
"url": "https://github.com/roundcube/roundcubemail/releases/tag/1.7-rc5"
},
{
"type": "WEB",
"url": "https://roundcube.net/news/2026/03/18/security-updates-1.7-rc5-1.6.14-1.5.14"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Roundcube Webmail: Incorrect password comparison in the password plugin"
}
GHSA-46Q4-VVQ4-58XJ
Vulnerability from github – Published: 2022-05-24 16:54 – Updated: 2022-05-24 16:54Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
{
"affected": [],
"aliases": [
"CVE-2019-7974"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-26T18:15:00Z",
"severity": "CRITICAL"
},
"details": "Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.",
"id": "GHSA-46q4-vvq4-58xj",
"modified": "2022-05-24T16:54:49Z",
"published": "2022-05-24T16:54:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7974"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/photoshop/apsb19-44.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-476R-VP22-V7C4
Vulnerability from github – Published: 2022-07-26 00:01 – Updated: 2022-07-28 00:00Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2022-1232"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-25T14:15:00Z",
"severity": "HIGH"
},
"details": "Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-476r-vp22-v7c4",
"modified": "2022-07-28T00:00:48Z",
"published": "2022-07-26T00:01:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1232"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1311641"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-25"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-47J6-W2J2-7JXF
Vulnerability from github – Published: 2022-05-24 19:20 – Updated: 2024-10-08 09:30A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)
{
"affected": [],
"aliases": [
"CVE-2021-31344"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-11-09T12:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versions), APOGEE PXC Compact (P2 Ethernet) (All versions), APOGEE PXC Modular (BACnet) (All versions), APOGEE PXC Modular (P2 Ethernet) (All versions), Capital VSTAR (All versions), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions \u003c V2017.02.4), Nucleus ReadyStart V4 (All versions \u003c V4.1.1), Nucleus Source Code (All versions), TALON TC Compact (BACnet) (All versions), TALON TC Modular (BACnet) (All versions). ICMP echo packets with fake IP options allow sending ICMP echo reply messages to arbitrary hosts on the network. (FSMD-2021-0004)",
"id": "GHSA-47j6-w2j2-7jxf",
"modified": "2024-10-08T09:30:50Z",
"published": "2022-05-24T19:20:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31344"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-044112.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-114589.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-223353.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-620288.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-845392.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-044112.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-223353.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-845392.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-47MV-437C-47MJ
Vulnerability from github – Published: 2023-07-21 09:30 – Updated: 2024-04-04 06:18A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.
{
"affected": [],
"aliases": [
"CVE-2023-28729"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-07-21T07:15:09Z",
"severity": "HIGH"
},
"details": "A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.",
"id": "GHSA-47mv-437c-47mj",
"modified": "2024-04-04T06:18:28Z",
"published": "2023-07-21T09:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28729"
},
{
"type": "WEB",
"url": "https://industry.panasonic.eu/factory-automation/programmable-logic-controllers-plc/plc-software/programming-software-control-fpwin-pro"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-47QC-857F-7W7F
Vulnerability from github – Published: 2026-02-19 20:25 – Updated: 2026-02-19 20:25PyO3 0.28.1 added support for #[pyclass(extends=PyList)] struct NativeSub (and other native types) when targeting Python 3.12 and up with the abi3 feature.
It was discovered that subclasses of such classes would use the type of the subclass when attempting to access to data of NativeSub contained within Python objects, amounting to memory corruption.
PyO3 0.28.2 fixed the issue by using the type of (e.g.) NativeSub correctly.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "pyo3"
},
"ranges": [
{
"events": [
{
"introduced": "0.28.0"
},
{
"fixed": "0.28.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-19T20:25:46Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "PyO3 0.28.1 added support for `#[pyclass(extends=PyList)] struct NativeSub` (and other native types) when targeting Python 3.12 and up with the `abi3` feature.\n\nIt was discovered that subclasses of such classes would use the type of the subclass when attempting to access to data of `NativeSub` contained within Python objects, amounting to memory corruption.\n\nPyO3 0.28.2 fixed the issue by using the type of (e.g.) `NativeSub` correctly.",
"id": "GHSA-47qc-857f-7w7f",
"modified": "2026-02-19T20:25:46Z",
"published": "2026-02-19T20:25:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/PyO3/pyo3/pull/5807#issuecomment-3913251784"
},
{
"type": "WEB",
"url": "https://github.com/PyO3/pyo3/commit/75abd8602896b350fd8c778e52e0a74b4644ccca"
},
{
"type": "PACKAGE",
"url": "https://github.com/PyO3/pyo3"
},
{
"type": "WEB",
"url": "https://github.com/PyO3/pyo3/releases/tag/v0.28.2"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2026-0013.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "PyO3 has type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature"
}
GHSA-4885-5PCH-3X6M
Vulnerability from github – Published: 2026-06-16 15:33 – Updated: 2026-07-15 12:31JIT miscompilation in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.
{
"affected": [],
"aliases": [
"CVE-2026-12299"
],
"database_specific": {
"cwe_ids": [
"CWE-733",
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-16T13:16:30Z",
"severity": "MODERATE"
},
"details": "JIT miscompilation in the DOM: Core \u0026 HTML component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37.",
"id": "GHSA-4885-5pch-3x6m",
"modified": "2026-07-15T12:31:49Z",
"published": "2026-06-16T15:33:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-12299"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-61"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-60"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-59"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-58"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-57"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-12299.json"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489212"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2043139"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-12299"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39706"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39428"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39142"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39141"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:39011"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38753"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38751"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38750"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:38506"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37391"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:37210"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36103"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36102"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36101"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36100"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33445"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:30846"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29940"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27734"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27733"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27717"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-495J-4JMX-MGRX
Vulnerability from github – Published: 2022-05-24 17:09 – Updated: 2025-10-22 00:31Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
{
"affected": [],
"aliases": [
"CVE-2020-6418"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-27T23:15:00Z",
"severity": "MODERATE"
},
"details": "Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GHSA-495j-4jmx-mgrx",
"modified": "2025-10-22T00:31:50Z",
"published": "2022-05-24T17:09:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6418"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2020:0738"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1053604"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IOHSO6BUKC6I66J5PZOMAGFVJ66ZS57"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X3B5RWJQD5LA45MYLLR55KZJOJ5NVZGP"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202003-08"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-6418"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4638"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-496G-7869-3VXM
Vulnerability from github – Published: 2026-04-29 00:30 – Updated: 2026-04-29 15:30Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
{
"affected": [],
"aliases": [
"CVE-2026-7337"
],
"database_specific": {
"cwe_ids": [
"CWE-843"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-28T23:16:21Z",
"severity": "HIGH"
},
"details": "Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-496g-7869-3vxm",
"modified": "2026-04-29T15:30:37Z",
"published": "2026-04-29T00:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7337"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_28.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/500880819"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.