{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T05:28:59.123","vulnerabilities":[{"cve":{"id":"CVE-2021-22916","sourceIdentifier":"support@hackerone.com","published":"2021-07-12T11:15:07.770","lastModified":"2024-11-21T05:50:54.547","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure."},{"lang":"es","value":"En Brave Desktop entre las versiones 1.17 y 1.26.60, cuando el adblocking está habilitado y una extensión de navegador proxy está instalada, la funcionalidad CNAME adblocking emite peticiones DNS que usaban la configuración DNS del sistema en lugar de la configuración proxy de la extensión, resultando en una posible divulgación de información"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:brave:brave:*:*:*:*:*:*:*:*","versionStartIncluding":"1.17.0","versionEndIncluding":"1.26.60","matchCriteriaId":"41D08F5F-EEE8-43E8-AA87-EF489B9DFD54"}]}]}],"references":[{"url":"https://hackerone.com/reports/1203842","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1203842","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}