CVE-2026-12068

HIGH

Avira Password Manager credential disclosure via cross-origin autofill in Firefox

Title source: cna

Description

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.

References (1)

Core 1

Core References

https://www.gendigital.com/us/en/contact-us/security-advisories/

Scores

CVSS v3 7.4

EPSS 0.0026

EPSS Percentile 17.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-669

Status published

Products (1)

Gen Digital/Avira Password Manager

Published Jun 12, 2026

Tracked Since Jun 13, 2026