CVE-2024-51317

MEDIUM

Netsurf - Command Injection

Title source: rule

An issue in NetSurf v.3.11 allows a remote attacker to execute arbitrary code via the dom_node_normalize function

Core 2

Core References

Exploit, Third Party Advisory

Product

CVSS v3 6.5

EPSS 0.0014

EPSS Percentile 32.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

CWE

CWE-77

Status published

Products (1)

netsurf-browser/netsurf 3.11

Published Nov 03, 2025

Tracked Since Feb 18, 2026