CVE-2025-66286

🗓️ 23 Apr 2026 12:33:50Reported by redhatType

Authorization bypass in WebKitGTK and WPE WebKit lets untrusted content trigger requests.

Reporter	Title	Published	Views	Family All 11
CNNVD	WebKitGTK 安全漏洞	23 Apr 202600:00	–	cnnvd
Cvelist	CVE-2025-66286 Webkitgtk: authorization bypass through webpage::send-request signal handler	23 Apr 202612:33	–	cvelist
EUVD	EUVD-2025-209565	23 Apr 202615:38	–	euvd
NVD	CVE-2025-66286	23 Apr 202613:16	–	nvd
OSV	UBUNTU-CVE-2025-66286	23 Apr 202613:16	–	osv
Positive Technologies	PT-2026-34659	23 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-66286	23 Apr 202612:33	–	redhatcve
SUSE CVE	SUSE CVE-2025-66286	25 Apr 202601:44	–	susecve
UbuntuCve	CVE-2025-66286	23 Apr 202613:16	–	ubuntucve
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2025-66286	23 Apr 202600:00	–	nessus

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "webkitgtk",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "webkitgtk3",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "webkitgtk4",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "webkit2gtk3",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "webkit2gtk3",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

Source	Link
bugs	www.bugs.webkit.org/show_bug.cgi
access	www.access.redhat.com/security/cve/CVE-2025-66286
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

28 Apr 2026 20:00Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.14.7

EPSS0.00033

SSVC

CWE-639