HIGH
web-infra-dev
CVE published 2026-07-08
CVE-2026-59804
CVE-2026-59804 is a high-severity vulnerability in Midscene Bridge Server through 1.10.3. The vulnerability allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, which performs no Origin header validation and requires no authentication token. This allows attackers to connect from any web page visited by the vi [truncated]