CVE-2026-6143
MEDIUMfarion1231 cc-switch ProxyServer server.rs cross-domain policy
Title source: cnaDescription
A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
References (7)
Core 7
Core References
Vdb Entry vdb-entry
VDB-357007 | farion1231 cc-switch ProxyServer server.rs cross-domain policy
https://vuldb.com/vuln/357007
Signature, Permissions Required signature
permissions-required
VDB-357007 | CTI Indicators (IOB, IOC, IOA)
https://vuldb.com/vuln/357007/cti
Third Party Advisory third-party-advisory
Submit #796145 | github.com/farion1231 cc-switch v3.12.3 Origin Validation Error
https://vuldb.com/submit/796145
Issue Tracking issue-tracking
https://github.com/farion1231/cc-switch/issues/1841
Patch issue-tracking
patch
https://github.com/farion1231/cc-switch/pull/1915
Exploit exploit
issue-tracking
https://github.com/farion1231/cc-switch/issues/1841#issue-4191294952
Product product
https://github.com/farion1231/cc-switch/
Scores
CVSS v3
6.3
EPSS
0.0019
EPSS Percentile
8.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-346
CWE-942
Status
published
Products (4)
farion1231/cc-switch
3.12.0
farion1231/cc-switch
3.12.1
farion1231/cc-switch
3.12.2
farion1231/cc-switch
3.12.3
Published
Apr 13, 2026
Tracked Since
Apr 13, 2026