CVE-2026-6662

· NIST NVD ↗

A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

HIGH
CVSS severity
7.3
CVSS base score
2026-04-20
Published

CWE codes

CWE-346CWE-942

Sources