CVE-2026-12823

LOW

Browserbase Autobrowse Trace Artifact default permission

Title source: cna

Description

A security flaw has been discovered in Browserbase up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

References (6)

Core 6

Core References

Vdb Entry vdb-entry

VDB-372613 | Browserbase Autobrowse Trace Artifact default permission

https://vuldb.com/vuln/372613

Signature, Permissions Required signature permissions-required

VDB-372613 | CTI Indicators (IOB, IOC, TTP)

https://vuldb.com/vuln/372613/cti

Third Party Advisory third-party-advisory

CVE-2026-12823 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-12823

Third Party Advisory third-party-advisory

Submit #837600 | Browserbase Browserbase Skills latest main branch prior to fix (tested May 2026) Information Disclosure / Insecure File Permissions

https://vuldb.com/submit/837600

Exploit exploit

https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-12823%20-%20Browserbase%20Skills%20Autobrowse%20Trace%20Artifact%20Insecure%20File%20Permissions/Advisory.md

View Exploit ZIP pw:eip

Exploit exploit

https://github.com/NARKHEDE-VAIBHAV/poc/blob/main/CVE-2026-12823%20-%20Browserbase%20Skills%20Autobrowse%20Trace%20Artifact%20Insecure%20File%20Permissions/poc.sh

View Exploit ZIP pw:eip

Scores

CVSS v3 3.3

EPSS 0.0011

EPSS Percentile 1.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-276

Status published

Products (1)

None/Browserbase 20260526

Published Jun 22, 2026

Tracked Since Jun 22, 2026