CVE-2026-12823
LowCVSS 3.3Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
A security flaw in Browserbase Skills up to version 20260526 affects the Autobrowse Trace Artifact Handler component. An unknown function sets incorrect default permissions, potentially allowing unauthorized access. The attack requires local access and the exploit has been made public.
Risk Assessment
The organization faces a risk of privilege escalation by a local attacker who could gain access to sensitive data or modify trace artifacts.
Recommendation
Immediately update Browserbase Skills to a version newer than 20260526 and review permission settings for the Autobrowse Trace Artifact Handler component.
Original NVD description (English source)
A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The first version of the CVE listed Browserbase itself as affected product. This was incorrect as this issue does affect browserbase/skills instead. The vendor was contacted early about this disclosure.

