Private Key stored as extractable in browser IndexeDB_CVE-2026-35467

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.

Basic Information

ID CVE-2026-35467

Source certcc

Published Apr 2, 2026 at 20:27

Modified Apr 3, 2026 at 13:51

Affected Product

Vendor CERT/CC

Product cveClient/encrypt-storage.js

Affected Versions CERT/CC cveClient/encrypt-storage.js 0

CWE Classification

CWE-522

References

{
    "lastseen": "",
    "description": "The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.",
    "published": "2026-04-02T20:27:27.792Z",
    "modified": "2026-04-03T13:51:22.012Z",
    "type": "cve",
    "title": "Private Key stored as extractable in browser IndexeDB",
    "source": "certcc",
    "references": "https://github.com/CERTCC/cveClient/pull/39\nhttps://github.com/CERTCC/cveClient/",
    "id": "CVE-2026-35467",
    "bulletinFamily": "",
    "cwe": [
        "CWE-522"
    ],
    "cvelist": null,
    "sourceData": "CERT/CC cveClient/encrypt-storage.js 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "cveClient/encrypt-storage.js",
    "version": "0",
    "vendor": "CERT/CC",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}