Impact
A security flaw has been discovered in Browserbase Skills up to version 20260526. The vulnerability lies in an unknown function of the Autobrowse Trace Artifact Handler component, where manipulation causes trace artifact files to be created with incorrect default permissions. The attack requires local access; once local access is achieved, any local user can read, modify, or delete trace files, potentially exposing sensitive data or corrupting logs. The exploit has been publicly released, and the CVE initially listed Browserbase as the affected product; the issue actually impacts Browserbase/skills and the vendor has been notified early.
Affected Systems
All instances of Browserbase Skills released through 20260526 are affected. No other vendors or products are enumerated. The vulnerability resides specifically in the Autobrowse Trace Artifact Handler component and does not impact other components of Browserbase Skills.
Risk and Exploitability
The CVSS score of 4.8 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of widespread exploitation. The vulnerability is not listed in the CISA KEV catalog, but public proof‑of‑concept material confirms that the issue is exploitable, and the vendor has been notified. The attack requires a local approach, so an attacker must already have local system access. Once local access is achieved, the attacker can exploit the insecure permissions to read or modify trace artifacts.
OpenCVE Enrichment