A flaw was found in WebKitGTK. This vulnerability allows...
High severity
Unreviewed
Published
Dec 3, 2025
to the GitHub Advisory Database
•
Updated Apr 20, 2026
Description
Published by the National Vulnerability Database
Dec 3, 2025
Published to the GitHub Advisory Database
Dec 3, 2025
Last updated
Apr 20, 2026
A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser.
References