CVE-2025-66286

medium

Red Hat

CVSS v3 Base Score

4.7

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Confidentiality

Low

Integrity

None

Availability

None

Published: April 23, 2026 (21 days ago)

Last Modified: April 23, 2026

Vendor: Red Hat

Source: REDHAT

Description

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler.

CWE

CWE-639

Affected Products

Red Hat Enterprise Linux 6Red Hat Enterprise Linux 7Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 bugs.webkit.org

CVE-2025-66286

Vulnerability Report

Description

CWE

Affected Products

References