
CVE-2026-44659

Published 11/05/2026 18:16 · Modified 11/05/2026 18:16

Labels: CVE-2026-44659, 2026-05-11, CWE-451

Essential information

Published: 11/05/2026 18:16
Modified: 11/05/2026 18:16
Author:
Creator:
CVSS: 4.7 MEDIUM (v3.1)
CISA KEV: No
CWE: CWE-451
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Description

Zen is a Firefox-based browser. Prior to 1.19.12b, the Zen Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain (eTLD+1). As a result, an attacker can craft extremely long malicious subdomains that visually imitate trusted brands, and the browser will display only the spoofed prefix, misleading users about the actual origin of the site. This directly compromises the URL bar as a security indicator and creates a phishing/supply-chain attack vector. This vulnerability is fixed in 1.19.12b.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.

Affected products (CPE)

Product: zen / zen browser
CPE: cpe:2.3:a:zen:zen_browser:*:*:*:*:*:*:*:*
