CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-57501

unknowncovered by 1 sourcefirst seen 2026-07-09
Zen is a firefox-based browser. Prior to 1.21.5b, Zen's glance and split-view context-menu actions, Open link in glance and Split link in new tab, load a page-controlled link URL with the System principal instead of the originating page's principal, allowing a malicious web page to place a link to a file URL that can load with System privileges when opened through either context-menu item and bypass the content-to-file security check that blocks an ordinary click. This issue is fixed in version 1.21.5b.

⚡ Watch CVE-2026-57501

Get an email if CVE-2026-57501 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-57501

CVE.org record

Embed the live status

CVE-2026-57501 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-57501 status](https://www.csirts.com/badge/CVE-2026-57501)](https://www.csirts.com/cve/CVE-2026-57501)