resolved
[Variation of #3321406] Yet Another 1-Click Chaining of Self-XSS, Cookie Tossing and AntiCSRF Token Prediction leads to auto approval in AccessTempAuth
Bug reported by Nishant was disclosed at April 14, 2026, 5:54 am | Cross-site Scripting (XSS) - Stored
A vulnerability in Cloudflare Access involving the Browser Isolation email field was discovered, which could allow for unauthorized approvals within the Temporary Auth workflow. The issue has been fully remediated.
resolved
[Variation of #1554049] 1-Click Chaining of Self-XSS, Cookie Tossing and AntiCSRF Token Prediction leads to auto approval in Access Temp Auth
Bug reported by Nishant was disclosed at April 14, 2026, 5:53 am
A vulnerability was discovered in Cloudflare Access that could allow for unauthorized approvals within the Temporary Auth workflow. The issue was resolved after the researcher reported it to Cloudflare.
resolved
Brave Shields Domain Reordering Leads to Origin Confusion
Bug reported by kali linux was disclosed at April 13, 2026, 7:59 pm | Violation of Secure Design Principles
The Brave Shields feature was observed to reorder domain names, leading to potential origin confusion. Specifically, the domain "1.attacker.com" was displayed as "attacker.com.1", and "1.1.1.1.attacker.com" was displayed as "attacker.com.1.1.1.1". This behavior could potentially mislead users about the actual source of the website.
resolved
Credential Disclosure via Unvalidated directDownloadUrl (Missing DontAddCredentialsAttribute)
Bug reported by Sang Yeong Pyo was disclosed at April 13, 2026, 4:23 pm | Insufficiently Protected Credentials
The Nextcloud Desktop Client was found to automatically include the user's credentials (an Authorization header carrying the Base64-encoded username and password) when downloading files via the "directDownloadUrl" feature. This allowed a malicious Nextcloud server to specify an attacker-controlled URL, causing the client to leak the user's credentials to the attacker's server. The root cause was the failure to validate the origin of the "directDownloadUrl" combined with not setting the "DontAddCredentialsAttribute" on cross-origin requests.