CVE-2026-2378 | BrowserCompany of New York ArcSearch up to 1.12.6 on Android Web ui layer

VDB-352140 · CVE-2026-2378 · GCVE-0-2026-2378 BROWSERCOMPANY OF NEW YORK ARCSEARCH UP TO 1.12.6 ON ANDROID WEB UI LAYER HISTORYDIFFRELATEJSONXMLCTI CVSS Meta Temp Score Current Exploit Price (≈) CTI Interest Score 5.7 $0-$5k 1.90+ Summaryinfo A vulnerability described as problematic has been identified in BrowserCompany of New York ArcSearch up to 1.12.6 on Android. This affects an unknown function of the component Web Handler. The manipulation results in ui layer. This vulnerability is known as CVE-2026-2378. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended. Detailsinfo A vulnerability was found in BrowserCompany of New York ArcSearch up to 1.12.6 on Android. It has been classified as problematic. Affected is an unknown code block of the component Web Handler. The manipulation with an unknown input leads to a ui layer vulnerability. CWE is classifying the issue as CWE-1021. The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. This is going to have an impact on integrity. CVE summarizes: ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content. The advisory is shared for download at arc.net. This vulnerability is traded as CVE-2026-2378 since 02/11/2026. The exploitability is told to be easy. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Successful exploitation requires user interaction by the victim. There are neither technical details nor an exploit publicly available. Upgrading to version 1.12.7 eliminates this vulnerability. Productinfo Type Android App Software Vendor BrowserCompany of New York Name ArcSearch Version 1.12.0 1.12.1 1.12.2 1.12.3 1.12.4 1.12.5 1.12.6 CPE 2.3info 🔒 🔒 🔒 CPE 2.2info 🔒 🔒 🔒 CVSSv4info VulDB Vector: 🔒 VulDB Reliability: 🔍 CVSSv3info VulDB Meta Base Score: 5.8 VulDB Meta Temp Score: 5.7 VulDB Base Score: 4.3 VulDB Temp Score: 4.1 VulDB Vector: 🔒 VulDB Reliability: 🔍 CNA Base Score: 7.4 CNA Vector (BCNY): 🔒 CVSSv2info Vector Complexity Authentication Confidentiality Integrity Availability Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock Unlock VulDB Base Score: 🔒 VulDB Temp Score: 🔒 VulDB Reliability: 🔍 Exploitinginfo Class: Ui layer CWE: CWE-1021 CAPEC: 🔒 ATT&CK: 🔒 Physical: No Local: No Remote: Yes Availability: 🔒 Status: Not defined Price Prediction: 🔍 Current Price Estimation: 🔒 0-Day Unlock Unlock Unlock Unlock Today Unlock Unlock Unlock Unlock Threat Intelligenceinfo Interest: 🔍 Active Actors: 🔍 Active APT Groups: 🔍 Countermeasuresinfo Recommended: Upgrade Status: 🔍 0-Day Time: 🔒 Upgrade: ArcSearch 1.12.7 Timelineinfo 02/11/2026 CVE reserved 03/20/2026 +37 days Advisory disclosed 03/20/2026 +0 days VulDB entry created 03/20/2026 +0 days VulDB entry last update Sourcesinfo Advisory: arc.net Status: Confirmed CVE: CVE-2026-2378 (🔒) GCVE (CVE): GCVE-0-2026-2378 GCVE (VulDB): GCVE-100-352140 scip Labs: https://www.scip.ch/en/?labs.20130704 Entryinfo Created: 03/20/2026 23:34 Changes: 03/20/2026 23:34 (66) Complete: 🔍 Cache ID: 99:EB4:101 Discussion No comments yet. Languages: en. Please log in to comment. ◂ PreviousOverviewNext ▸