{"id":"CVE-2023-26081","details":"In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.","aliases":["GHSA-mhhf-w9xw-pp9x"],"modified":"2026-06-01T12:00:16.256842598Z","published":"2023-02-20T00:00:00Z","related":["openSUSE-SU-2024:12722-1"],"database_specific":{"unresolved_ranges":[{"source":"DESCRIPTION","extracted_events":[{"fixed":"43.0"}]}],"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26081.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26081.json"},{"type":"ADVISORY","url":"https://github.com/google/security-research/security/advisories/GHSA-mhhf-w9xw-pp9x"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFWUNG6E4ZT43EYNHKYXS7QVSO2VW2H2/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SADQCSQKTJKTTIJMEPY7GII6IVQSKEKV/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26081"},{"type":"FIX","url":"https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1275"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00015.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.gnome.org/gnome/epiphany","events":[{"introduced":"0"},{"fixed":"e21c2e68f34fcf23ca560088479e13c9929a4c36"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"0"},{"fixed":"43.1"}],"cpe":"cpe:2.3:a:gnome:epiphany:*:*:*:*:*:*:*:*"}}],"versions":["43.0","43.rc","43.beta","43.alpha","42.beta-really","42.alpha","41.0","41.rc","42.beta","41.beta","41.alpha","40.0","40.rc","40.beta","40.alpha","3.38.0","3.37.92","3.37.91","3.37.90","3.37.3","3.37.2","3.37.1","3.36.0","3.35.92","3.35.91","3.35.90","3.35.3","3.35.2","3.35.1","3.34.0","3.33.92","3.33.91","3.33.90","3.33.4","3.33.3","3.33.2","3.33.1","3.31.90","3.31.4","3.31.3","3.31.2","3.31.1","3.29.92","3.29.91","3.29.90","3.29.4","3.29.3","3.29.2","3.29.1","3.27.90","3.27.4","3.27.3","3.27.2","3.27.1","3.26.0","3.25.92","3.25.91","3.25.90","3.25.4","3.25.3","3.25.2","3.25.1","3.24.1","3.24.0","3.23.93","3.23.92","3.23.91.1","3.23.91","3.23.90","3.23.5","3.23.4","3.23.3","3.23.2.1","3.23.2","3.23.1.2","3.23.1.1","3.23.1","3.21.4","3.21.3","3.21.2","3.21.1","3.20.0","3.19.92","3.19.91","3.19.90","3.19.1","3.18.0","3.17.91","3.17.2","3.17.1","3.16.1","3.16.0","3.15.92","3.15.90","3.15.1","3.14.1","3.14.0","3.13.91","3.13.90","3.12.1","3.12.0","3.11.92","3.11.91","3.11.90","3.11.4","3.11.3","3.11.2","3.11.1","3.10.1","3.10.0","3.9.91","3.9.90","3.9.3","3.9.2","3.7.92","3.7.91","3.7.90","3.7.5","3.7.3","3.7.1","3.6.0","3.5.92","3.5.91.1","3.5.90","3.5.5","3.5.4","3.5.3","3.5.1","3.3.92","3.3.91","3.3.90","3.3.5","3.3.4.1","3.3.4","3.3.3","3.3.2","3.3.1","3.2.0","3.1.92","3.1.91.1","3.1.91","3.1.90","3.1.5","3.1.2","3.0.0","2.91.92","2.91.91.1","2.91.91","2.91.90","2.91.6","2.91.5","2.91.4.1","2.91.4","2.91.3","2.91.2","2.91.1.1","2.91.1","2.31.5","2.31.4","2.31.2","2.30.2","2.30.1","2.30","2.29.92","2.29.91","2.29.90","actual-2.29.6","2.29.6","2.29.5","2.29.3","2.29.1","2.27.92","2.27.91","2.27.90","2.27.5","2.27.4","RELEASE_2_23_91","RELEASE_2_21_92","RELEASE_2_21_90","RELEASE_2_21_5","RELEASE_2_21_4","RELEASE_2_19_90","RELEASE_2_19_6","XULRUNNER_BRANCHPOINT","RELEASE_2_19_5","RELEASE_2_19_2","RELEASE_2_18_0","GNOME_2_18_BRANCHPOINT","RELEASE_2_17_92","WEBKIT_BRANCHPOINT","RELEASE_2_17_91","RELEASE_2_17_90","RELEASE_2_17_5","RELEASE_2_17_4","RELEASE_2_17_3","RELEASE_2_17_2","GNOME_2_16_BRANCHPOINT","RELEASE_2_16_0","RELEASE_2_15_92","RELEASE_2_5_91","RELEASE_2_15_4","RELEASE_2_15_3","RELEASE_2_15_2","RELEASE_2_15_1","RELEASE_2_14_0","GNOME_2_14_BRANCHPOINT","Release1999","Release198","Release196","Release1951","Release195","Release194","Release1931","Release193","Release192","Release191","BEFORE_HARVES18","GNOME_2_12_BRANCHPOINT","Release176","Release175","PRE_GNOME_2_14_BRANCHPOINT","Release174","Release173","Release172","Release171","Release160","GNOME_2_10_ANCHOR","Release158","Release157","Release156","Release155","Release154","Release153","Release152","GTK_ENGINES_2_6_0","Release151","WEBCORE_BRANCHPOINT","help","gnome-2-8-branchpoint","pre-gnome-2-10-branchpoint","Release138","Release137","Release136","Release135","Release134","Release133","Release132","Release131","Release130","Release120","Release1112","Release1111","Release1110","Release119","Release117","Release115","Release113","Release112","Release111","Release110","Release092","Release091","Release090","Release083","Release082","Release081","Release073","Release072","Release070","INITIAL"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-26081.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}