CVE-2026-2378

Publication date

2026-03-20 21:16:51

Family

BCNY

State

PUBLISHED

Description

ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.