Epiphany Insecure External Protocol Invocation Vulnerability Allowing Code Execution

Vulnerability

A vulnerability exists in Epiphany versions prior to 48.1 and 47.5 that allows websites to invoke external URL handlers with minimal user interaction or warning. This could be exploited if the handler application has vulnerabilities, potentially leading to code execution on the client's device. The issue arises because the browser does not adequately alert users or restrict this action, so trusted UI behavior is misused to create a false sense of security.

Impact

Exploitation of this vulnerability could result in unauthorized code execution on the client's device, within the user's context.

Added: Jan 23, 2026, 5:20 AM
Updated: Jan 23, 2026, 5:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.0
remediation: 0.0
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.