PatchSiren cyber security CVE debrief
CVE-2026-59804 web-infra-dev CVE debrief
CVE-2026-59804 is a high-severity vulnerability in Midscene Bridge Server through 1.10.3. The vulnerability allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, which performs no Origin header validation and requires no authentication token. This allows attackers to connect from any web page visited by the victim to seize the single-client slot, intercept and inject automation commands, exfiltrate command-payload data, or unconditionally terminate the server by supplying the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter. Users of Midscene Bridge Server through 1.10.3 should be aware of this vulnerability and take immediate action to protect their systems.
- Vendor
- web-infra-dev
- Product
- midscene
- CVSS
- HIGH 7.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-08
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-07-08
- Advisory updated
- 2026-07-10
Who should care
Users of Midscene Bridge Server through 1.10.3, security teams, and vulnerability management teams should be aware of this vulnerability and take immediate action to protect their systems. The vulnerability has a high CVSS score of 7.6 and is considered high-severity. Affected operators and platforms should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vulnerability is caused by a missing authentication and CORS misconfiguration in Midscene Bridge Server through 1.10.3. This allows unauthenticated remote attackers to connect from any web page visited by the victim to seize the single-client slot, intercept and inject automation commands, exfiltrate command-payload data, or unconditionally terminate the server by supplying the MIDSCENE_BRIDGE_SIGNAL_KILL query parameter. The vulnerability affects Midscene Bridge Server through 1.10.3 and has a high CVSS score of 7.6.
Defensive priority
High
Recommended defensive actions
- Immediately update Midscene Bridge Server to version 1.10.3 or later
- Implement proper authentication and CORS configuration
- Monitor for suspicious WebSocket connections
- Restrict access to the Socket.IO server
- Verify and validate user input
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-08T20:16:56.077Z and was last modified on 2026-07-10T17:56:00.910Z. The NVD entry is currently Deferred. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The vulnerability allows unauthenticated remote attackers to hijack active bridge sessions by opening a cross-origin WebSocket connection to the local Socket.IO server, which performs no Origin header validation and requires no authentication token. The vulnerability affects Midscene Bridge Server through 1.10.3.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-08T20:16:56.077Z and has not been modified since then. The NVD entry is currently Deferred.