CVE-2026-52843 - Lightpanda: fetch() and XMLHttpRequest attach session cookies to cross-origin requests regardless of credentials mode
CVE ID :CVE-2026-52843 Published : July 15, 2026, 5:16 p.m. | 1 hour, 17 minutes ago Description :Lightpanda is a headless browser designed for AI and automation. Prior to 0.2.9, Lightpanda fetch() and XMLHttpRequest unconditionally attached session cookies to every HTTP request, ignoring...