CVE Catalog

CVE-2026-12348

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile — higher than 29% of all known CVEs

Summary

Arc Search for Android has an address bar spoofing vulnerability that allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content.

Risk Assessment

This vulnerability enables attackers to conduct phishing attacks, potentially leading to user data theft and security breaches within the organization.

Recommendation

It is recommended to update the Arc Search application to the latest version and monitor user activity for potential phishing attempts.

Original NVD description (English source)

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS