CVE-2026-2378

HIGH NVD

CVSS Score 7.4

Severity HIGH

Published Mar 20, 2026

Vendor unknown

Description

ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content.

References

https://arc.net/security/bulletins