CVE-2026-44439

PlaywrightCapture is vulnerable prior to version 1.39.6: an attacker-controlled page could abuse browser redirect mechanisms (e.g., window.location.href) to cause the capture process to open file:// URLs or access resources at private/loopback/non-public IPs, enabling potential SSRF and leakage o...

Playwright Capture 代码问题漏洞

Playwright Capture is an open-source web capture tool based on Playwright developed by Lookyloo. Versions of Playwright Capture prior to 1.39.6 contained code vulnerabilities. These vulnerabilities stemmed from insufficient restrictions on navigation and resource requests initiated by rendered...

Playwright Capture permits access to local files and internal network resources during page capture

Playwright Capture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on...

GHSA-687H-XW6F-Q2QW Playwright Capture permits access to local files and internal network resources during page capture

Playwright Capture did not sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page could abuse browser-side redirection mechanisms, such as window.location.href, to make the capture process open file:// URLs or request resources hosted on...

PT-2026-38317

Name of the Vulnerable Software and Affected Versions Playwright Capture affected versions not specified Description Playwright Capture fails to sufficiently restrict navigations and resource requests initiated by rendered pages. An attacker-controlled page can abuse browser-side redirection...