CVE-2026-12348
HighCVSS 7.4Exploitation Probability (EPSS)
Low risk29th percentile — higher than 29% of all known CVEs
Summary
Arc Search for Android has an address bar spoofing vulnerability that allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content.
Risk Assessment
This vulnerability enables attackers to conduct phishing attacks, potentially leading to user data theft and security breaches within the organization.
Recommendation
It is recommended to update the Arc Search application to the latest version and monitor user activity for potential phishing attempts.
Original NVD description (English source)
Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.

