CNNVD-202601-1234 Information
CNNVD ID
CNNVD-202601-1234
Related CVE
- CNNVD Published: 2026-01-07
Description (Chinese)
Microsoft Playwright是美国微软(Microsoft)公司的一个自动化框架。 Microsoft Playwright MCP Server 0.0.40之前版本存在安全漏洞,该漏洞源于未验证Origin标头,可能导致DNS重绑定攻击和未经授权的请求。
Description (English)
Microsoft Playwright is an automated framework for Microsoft (MSC) in the United States. Prior to Microsoft Playwright MCP Server 0.0.40, there was a security loophole, which originated from the failure to verify the Origin marker, which could lead to a re-coupling of the DNS and unauthorized requests.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
微软
Published
2026-01-07
Last Modified
2026-02-24
References
https://github.com/JLLeitschuh/security-research/security/advisories/GHSA-8rgw-6xp9-2fg3 https://www.vulncheck.com/advisories/microsoft-playwright-mcp-server-dns-rebinding-via-missing-origin-header-validation https://github.com/microsoft/playwright/commit/1313fbd https://access.redhat.com/security/cve/cve-2025-9611
Patch
https://github.com/microsoft/playwright/releases
Share on: