CVE-2025-66286

· NIST NVD ↗

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler.

MEDIUM
CVSS severity
4.7
CVSS base score
2026-04-23
Published

CWE codes

CWE-639

Sources