We use cookies to improve your experience on our site.
AVID-2026-R0251
Description
Data exfiltration via prompt injection
Details
Dia’s fetch_web_content feature was found to be vulnerable to data exfiltration through prompt injection, allowing attackers to extract sensitive user information by encoding it in URLs. Initial detection-based security measures failed, leading to the feature’s removal and a complete architectural redesign to enforce URL provenance and mitigate the risk of exploitation.
References
Affected or Relevant Artifacts
- Developer: The Browser Company
- Deployer:
- Artifact Details:
| Type | Name |
|---|---|
| System | Dia |
Impact
- (none)
Other information
- Report Type: Issue
- Credits: Dia Browser
- Date Reported: 2026-03-04
- Version: 0.3.2
- AVID Entry