CVE-2026-52842 - Lightpanda:URL parser misidentifies page origin for URLs containing @ in the path - Same-Origin Policy bypass
CVE ID :CVE-2026-52842 Published : July 15, 2026, 5:16 p.m. | 1 hour, 17 minutes ago Description :Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a...