{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6143", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-12T07:56:04.762Z", "datePublished": "2026-04-13T01:15:13.708Z", "dateUpdated": "2026-04-13T11:59:30.326Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-13T01:15:13.708Z"}, "title": "farion1231 cc-switch ProxyServer server.rs cross-domain policy", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-942", "lang": "en", "description": "Permissive Cross-domain Policy with Untrusted Domains"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-346", "lang": "en", "description": "Origin Validation Error"}]}], "affected": [{"vendor": "farion1231", "product": "cc-switch", "versions": [{"version": "3.12.0", "status": "affected"}, {"version": "3.12.1", "status": "affected"}, {"version": "3.12.2", "status": "affected"}, {"version": "3.12.3", "status": "affected"}], "modules": ["ProxyServer"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-12T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-12T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-12T10:01:21.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "r00tuser (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/357007", "name": "VDB-357007 | farion1231 cc-switch ProxyServer server.rs cross-domain policy", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/357007/cti", "name": "VDB-357007 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/796145", "name": "Submit #796145 | github.com/farion1231 cc-switch v3.12.3 Origin Validation Error", "tags": ["third-party-advisory"]}, {"url": "https://github.com/farion1231/cc-switch/issues/1841", "tags": ["issue-tracking"]}, {"url": "https://github.com/farion1231/cc-switch/pull/1915", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/farion1231/cc-switch/issues/1841#issue-4191294952", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/farion1231/cc-switch/", "tags": ["product"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-13T11:59:14.642288Z", "id": "CVE-2026-6143", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T11:59:30.326Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6143", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-13T11:59:14.642288Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-13T11:59:24.159Z"}}], "cna": {"title": "farion1231 cc-switch ProxyServer server.rs cross-domain policy", "credits": [{"lang": "en", "type": "reporter", "value": "r00tuser (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "farion1231", "modules": ["ProxyServer"], "product": "cc-switch", "versions": [{"status": "affected", "version": "3.12.0"}, {"status": "affected", "version": "3.12.1"}, {"status": "affected", "version": "3.12.2"}, {"status": "affected", "version": "3.12.3"}]}], "timeline": [{"lang": "en", "time": "2026-04-12T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-12T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-12T10:01:21.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/357007", "name": "VDB-357007 | farion1231 cc-switch ProxyServer server.rs cross-domain policy", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/vuln/357007/cti", "name": "VDB-357007 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/796145", "name": "Submit #796145 | github.com/farion1231 cc-switch v3.12.3 Origin Validation Error", "tags": ["third-party-advisory"]}, {"url": "https://github.com/farion1231/cc-switch/issues/1841", "tags": ["issue-tracking"]}, {"url": "https://github.com/farion1231/cc-switch/pull/1915", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/farion1231/cc-switch/issues/1841#issue-4191294952", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/farion1231/cc-switch/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-942", "description": "Permissive Cross-domain Policy with Untrusted Domains"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-346", "description": "Origin Validation Error"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-13T01:15:13.708Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6143", "state": "PUBLISHED", "dateUpdated": "2026-04-13T11:59:30.326Z", "dateReserved": "2026-04-12T07:56:04.762Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-13T01:15:13.708Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in farion1231 cc-switch up to 3.12.3. Affected by this issue is some unknown functionality of the file src-tauri/src/proxy/server.rs of the component ProxyServer. The manipulation results in permissive cross-domain policy with untrusted domains. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."}], "id": "CVE-2026-6143", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-13T02:16:04.783", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/farion1231/cc-switch/"}, {"source": "cna@vuldb.com", "url": "https://github.com/farion1231/cc-switch/issues/1841"}, {"source": "cna@vuldb.com", "url": "https://github.com/farion1231/cc-switch/issues/1841#issue-4191294952"}, {"source": "cna@vuldb.com", "url": "https://github.com/farion1231/cc-switch/pull/1915"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/796145"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/357007"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/357007/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}, {"lang": "en", "value": "CWE-942"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.12.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.12.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.12.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "3.12.3"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "cc-switch", "source": "cna", "vendor": "farion1231"}, "product": "cc-switch", "vendor": "farion1231"}], "analysis": {"en": {"generated_at": "2026-04-13T03:21:42.760589+00:00", "value": {"mitigation_remediation": ["Upgrade farion1231 cc\u2011switch to a version newer than 3.12.3, where the cross\u2011domain policy issue has been corrected."], "summary": {"action": "Patch", "impact": "Potential data exposure via permissive cross\u2011domain policy"}, "threat_synthesis": {"affected_systems": "farion1231:cc\u2011switch, versions up to and including 3.12.3, with the issue residing in src\u2011tauri/src/proxy/server.rs of the ProxyServer component.", "description_and_impact": "A flaw in the ProxyServer component of farion1231's cc\u2011switch allows the manipulation of its cross\u2011domain policy, granting untrusted domains broad access. This can enable an attacker to obtain HTTP responses or data that should be restricted, or to serve malicious content to users. The vulnerability stems from improper handling of policy files and is classified as CWE\u2011346 and CWE\u2011942.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, and the vulnerability can be triggered remotely. No EPSS score is available, but a public exploit has been released, raising the likelihood that attackers could target affected installations. The vulnerability is not listed in CISA's KEV catalog, but the existence of remote attack capability and a known exploit elevate the immediate risk to users running affected versions."}}}}, "created": "2026-04-13T12:37:56.388045+00:00", "updated": "2026-04-13T12:53:44.089757+00:00", "vendors": ["farion1231", "farion1231$PRODUCT$cc-switch"]}