CVE-2026-12068 | Information disclosure vulnerability in Avira Password Manag… | CVSS 7.4 HIGH

Description

Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux.

Metadata

CVE ID: CVE-2026-12068
State: PUBLISHED
Assigner: GEN
Reserved: 2026-06-12 09:09 UTC
Published: 2026-06-12 22:19 UTC
Last updated: 2026-06-12 22:19 UTC
Primary CWE: CWE-669
CWE-669 Incorrect Resource Transfer Between Contexts
Vendor / Product: Gen Digital / Avira Password Manager
Sources: cve.org · NVD

Severity & Metrics

7.4 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

Affected products (1)

Vendor	Product	Platform	Versions
Gen Digital	Avira Password Manager	Firefox,Windows,macOS,Linux	*

Weakness (CWE)

CWE	Source	Description
CWE-669	cna	CWE-669 Incorrect Resource Transfer Between Contexts

CVSS scores (1)

Score	Severity	Version	Source	Vector
7.4	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

References (1)

https://www.gendigital.com/us/en/contact-us/security-advisories/