CWE-693— Protection Mechanism Failure
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.— MITRE CWE catalog
588 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-693page 9 of 12
- CVE-2026-0877HIGHCVSS 8.1EG 8.12026-01-13
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.
- CVE-2026-0881CRITICALCVSS 10.0EG 10.02026-01-13
Sandbox escape in the Messaging System component. This vulnerability was fixed in Firefox 147 and Thunderbird 147.
- CVE-2026-10174MEDIUMCVSS 6.3EG 6.32026-05-31
A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism …
- CVE-2026-10944MEDIUMCVSS 6.5EG 6.52026-06-04
Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-10950MEDIUMCVSS 6.5EG 6.52026-06-04
Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-11170HIGHCVSS 8.1EG 8.12026-06-04
Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium security severity: Medium)
- CVE-2026-11174MEDIUMCVSS 5.3EG 5.32026-06-04
Inappropriate implementation in Site Isolation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-11206MEDIUMCVSS 6.5EG 6.52026-06-04
Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-11219MEDIUMCVSS 4.3EG 4.32026-06-04
Inappropriate implementation in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11234MEDIUMCVSS 4.3EG 4.32026-06-04
Inappropriate implementation in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11247LOWCVSS 3.1EG 3.12026-06-04
Insufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11248HIGHCVSS 8.8EG 8.82026-06-04
Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11260MEDIUMCVSS 4.3EG 4.32026-06-04
Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11263MEDIUMCVSS 6.5EG 6.52026-06-04
Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium securit…
- CVE-2026-11264MEDIUMCVSS 4.3EG 4.32026-06-04
Policy bypass in Content Security Policy in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11266MEDIUMCVSS 4.3EG 4.32026-06-04
Inappropriate implementation in SafeBrowsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass Safe Browsing via a malicious file. (Chromium security severity: Low)
- CVE-2026-11282CRITICALCVSS 9.6EG 9.62026-06-04
Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11288MEDIUMCVSS 6.5EG 6.52026-06-04
Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11292MEDIUMCVSS 4.3EG 4.32026-06-04
Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-11684LOWCVSS 3.1EG 3.12026-06-08
Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-11695MEDIUMCVSS 4.3EG 4.32026-06-08
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-12027CRITICALCVSS 9.6EG 9.62026-06-11
Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severi…
- CVE-2026-12031HIGHCVSS 8.3EG 8.32026-06-11
Inappropriate implementation in Views in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit…
- CVE-2026-12214HIGHCVSS 7.8EG 7.82026-06-15
A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr r…
- CVE-2026-12294CRITICALCVSS 9.6EG 9.62026-06-16
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- CVE-2026-12295CRITICALCVSS 9.6EG 9.62026-06-16
Sandbox escape in the DOM: Navigation component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- CVE-2026-12296CRITICALCVSS 9.6EG 9.62026-06-16
Sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- CVE-2026-12302MEDIUMCVSS 6.5EG 6.52026-06-16
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
- CVE-2026-12315CRITICALCVSS 9.1EG 9.12026-06-16
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
- CVE-2026-12316CRITICALCVSS 9.1EG 9.12026-06-16
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
- CVE-2026-1232MEDIUMCVSS 6.8EG 6.82026-02-02
A medium-severity vulnerability has been identified in BeyondTrust Privilege Management for Windows versions <=25.7. Under certain conditions, a local authenticated user with elevated privileges may be able to bypass the product’s anti-t…
- CVE-2026-12438HIGHCVSS 8.3EG 8.32026-06-17
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium secur…
- CVE-2026-12457MEDIUMCVSS 4.2EG 4.22026-06-17
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
- CVE-2026-13601HIGHCVSS 7.1EG 7.12026-06-29
A flaw was found in Yelp due to an overly permissive Content Security Policy (CSP) implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS…
- CVE-2026-13859CRITICALCVSS 9.6EG 9.62026-06-30
Inappropriate implementation in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13862MEDIUMCVSS 6.5EG 6.52026-06-30
Insufficient policy enforcement in Web Authentication (Passkeys & Security Keys) in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. (Chromi…
- CVE-2026-13876MEDIUMCVSS 6.5EG 6.52026-06-30
Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass content security policy via malicious network traffic. (Chromium security severity: Medium)
- CVE-2026-13886MEDIUMCVSS 6.5EG 6.52026-06-30
Insufficient policy enforcement in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13904MEDIUMCVSS 6.5EG 6.52026-06-30
Inappropriate implementation in Safe Browsing in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13909CRITICALCVSS 9.6EG 9.62026-06-30
Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security seve…
- CVE-2026-13910MEDIUMCVSS 6.5EG 6.52026-06-30
Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2026-13951HIGHCVSS 8.3EG 8.32026-06-30
Insufficient policy enforcement in USB in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:…
- CVE-2026-14017CRITICALCVSS 9.6EG 9.62026-06-30
Inappropriate implementation in Navigation in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security sever…
- CVE-2026-14037CRITICALCVSS 9.6EG 9.62026-06-30
Insufficient policy enforcement in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:…
- CVE-2026-14050MEDIUMCVSS 6.5EG 6.52026-06-30
Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14058MEDIUMCVSS 4.3EG 4.32026-06-30
Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14059MEDIUMCVSS 6.5EG 6.52026-06-30
Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14076MEDIUMCVSS 4.3EG 4.32026-06-30
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
- CVE-2026-14092MEDIUMCVSS 4.3EG 4.32026-06-30
Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. (Chromium security severity: Low)
- CVE-2026-14095CRITICALCVSS 9.6EG 9.62026-06-30
Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security sever…
Map vulnerabilities like CWE-693 to your infrastructure
EchelonGraph correlates every CVE — across CWE-693 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →