Bruno before 1.29.1 uses Electron shell.openExternal without validation (of http or https) for opening windows within the Markdown docs viewer.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NUsebruno Bruno
APPUsebruno< 1.29.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2026-34841CRITICAL9.8PL ✓ten sam produkt
Atak na łańcuch dostaw Bruno via skompromitowany pakiet axios – instalacja RAT
CVE-2025-30210HIGH8.7ten sam produkt
Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components wh...
CVE-2025-30354HIGH8.7ten sam produkt
Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expre...