cvedb.io
CVE-2026-35467
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-04-02T21:16:40.810 · Last modified 2026-06-17T10:40:38.960

Summary

The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.

Affected products

cmu — cveclient

Does this affect you?

Add your gear to cvedb and we'll alert you only when cmu ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.