CVE-2026-31192

Published: Apr 22, 2026Modified: May 12, 2026

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Insufficient validation of Chrome extension identifiers in Raindrop.io Bookmark Manager Web App 5.6.76.0 allows attackers to obtain sensitive user data via a crafted request.

Affected (1)

Products: Raindrop: Raindrop

Raindrop

1 product

Raindrop

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Raindrop Raindrop	Version 5.6.76.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS

Source: cve@mitre.org

Technical Description

https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Origin

Source: cve@mitre.org

Technical Description

https://github.com/incoggeek/vulnerability-research/tree/master/CVE-2026-31192

Source: cve@mitre.org

Third Party Advisory

https://support.google.com/chrome_webstore/answer/2664769?hl=en

Source: cve@mitre.org

Not Applicable

Timeline

No history available yet.